WSJ Management

With strict new regulations, such as Sarbanes-Oxley, that include serious penalties for those who do not comply, today's executives face more challenges than before. Lawyers, analysts, auditors, and corporate executives are confronting challenges they have not had to face in the normal span of their work in the wake of compliance regulations.

According to AMR Research, Fortune 1000 companies on average will spend about $2.5 million just on Sarbanes-Oxley compliance tools in 2003. Technology tools that help speed the implementation and adherence to regulations can automate the process, reducing compliance-related headaches. Compliance with new federal regulations is not a one-time event and must be adopted with that in mind.

The Problem
In organizations today senior management needs to address three key areas of risk - controlled, inherent, and detection risk.

• Controlled risk: Can generally be classified into the environment, information systems, and procedures, all of which can be easily "controlled." They comprise attitudes, ability, awareness, and actions of management as they impact business operations
• Inherent risk: Cannot be controlled by the enterprise; the control environment created and supported by management can help ensure statements reflect economic realities. No structure can be 100% effective; therefore, some risk is normally associated in the normal course of business.
• Detection risk: The risk of not finding misstatements in reports.

The National Association of Corporate Directors (NACD) indicates that for corporate directors alone, time spent in areas such as this has gone up from 125 hours in 1999 to 250 hours in 2002 with an estimated increase of 20% in 2003. Technology must, and can, help solve this very important problem.

With looming Sarbanes-Oxley Section 404 deadlines and Section 409 requirements around the corner, time is of the essence. The application of technology is mandatory in order to provide the rapid return being sought.

Requirements
Today's standards require many controls, including a foundation for internal and external checks. Risk assessment by management of relevant risks and how they will be addressed is vital in the compliance process as is information and communication supporting all control components.

Technology is playing a key role in the compliance process. For example, the Internet is an ideal tool to monitor performance, risk, and compliance. Other common tools, like spreadsheets, are cheaper and easier to use but pose a control risk and reduce accuracy, agility, and transparency. Today's systems need to be streamlined to meet shorter deadlines and must manage documentation.

Senior executives should first determine how well their systems function and test the maturing of their internal controls by asking questions. Addressing the issue could be a function of process rather than technology. It is here that Web-based tools designed for simple access to large stores of data presented in user-friendly formats can play an essential role.

Simple areas where tools can aid in compliance are in enhancing internal controls. Today companies' recording and reporting systems remain messy. Ideally all of the reporting systems will be linked electronically to enable enterprise-wide drilldown to the smallest detail. For example, a compliance tool can help shorten the time between the end of the financial period and the government filing.

In today's business climate, where scandals have demanded companies focus on, and be able to demonstrate, good corporate governance, there is much more at stake than traditional cost and productivity issues. Rising D&O premiums (some estimate at 40% per annum), heightened personal liability for corporate directors and executives, potential reduction in access to capital, and lowered company valuations have broadened the need for greater flexibility in the technology required to support compliance initiatives. A simple initiative of providing corporate transparency has a tremendous ripple effect.

Content of various types must be easily aggregated, such as spreadsheets, Word documents, and other materials that might make up the notorious three-ring binder Board Book. External information, not just internal, to an organization, such as competitive and market intelligence, must be accessible without stepping through multiple screens and sign-ons, rendering the application unusable. Events from the ERP system of record that are deemed material must be pushed out to those needing notification. Overextended marketing budgets, excessive goodwill write-offs, out-of-control overhead expenses, and revenue items falling outside of normal guidelines are just some of the items drawing increased scrutiny from shareholders and regulatory agencies, not just the traditional internal company management. Streaming the detail and parsing via XML gives the appropriate level of user the optimal level of drill-down capabilities.

The use of the same information, provided with appropriate security, can allow a corporate director to prove duty of care, a department head to maintain consistent levels of performance, and the knowledge worker the ability to adapt to changing conditions when appropriate.

Solutions
Fortunately, a reliable remedy is at hand. Business performance management practices and technology enable organizations to comply with today's stringent requirements. These practices and solutions can drive profitability through a planning, monitoring, and reporting cycle.

While automated compliance solutions are often installed in an organization, they are considered by IT departments as too difficult or are limited in their scope. In some cases, automated checking systems can be flexible and powerful enough to incorporate the entire compliance process.

In many cases, all of the data is available. In fact, most of the time there is an overabundance of data. The real challenge is in pulling it all together in a meaningful way by providing context and allowing powerful visualization and easy exploration.

Solutions evaluated need to be event- and data-driven and provide a near real-time effect. Solutions incorporating the current Web services standards in order to facilitate interoperability of disparate systems without the costly and time-consuming enterprise application integration (EAI) projects of the past will lead the way. Web services, SOAP, and XML are all technologies that need to be leveraged in order to provide just-in-time enterprise information integration (EII) at the point of use. This will facilitate timely decision-making and more rapid response to potential threats to the business.

The next step is to ensure that whatever solution organizations choose it supports occasionally connected functionality. This is a nontrivial exercise to support. The notion that an Internet connection is available everywhere just does not hold water. Being tethered to a server in an always-on mode goes against the notion of the highly mobile workforce.

A key element of the most appropriate solutions will be the ability to cut across departmental silos by pulling in information from multiple sources, very possibly external as well as internal to the corporation. The impact of these will provide tight linkage to the current trend of being business process focused. This is where it gets tricky. Do you use dashboards from the various ERP, business intelligence, and operational vendors you have in-house and try to stitch them together, or do you go for a common dashboard technology that you can connect to the myriad data sources you have in the organization and deliver a consistent look and feel across the enterprise?

The last major element of the solution must support extensive and easy end-user role-based personalization without constant programmer intervention.

Conclusion
With technology readily available to aid in the compliance process, organizations will now be able to compress reporting cycles, accelerate budgeting and planning processes, and gain the ability to capitalize on business opportunities as they arise. The potential is endless.

Add Your Feedback

In order to post a comment you need to be registered and logged in.

Register | Log in

Please wait while we process your request...