Coping with Sarbanes-Oxley 404
SarBox Demands Tight Internal Controls
Posted on 1/16/2007 (originally published in print on 5/1/2004)
by Marcus Bode

How did we get here?
On July 30, 2002, in response to unprecedented financial reporting irregularities and corporate improprieties, Congress passed the Sarbanes-Oxley Act. The Act, now commonly known by many acronyms, among them Sarbox, applies to all domestic public companies, foreign companies listed on domestic exchanges and private companies with public debt.
What appeared to be a straightforward blueprint toward improving corporate governance has evolved into a time-consuming and resource-intensive exercise. Gartner, for example, predicts that companies will spend upwards of $5 billion in 2004 on Sarbox activities. A typical Fortune 1000 company will spend at least $2 million. While the vast majority of costs will be spent on staff, auditors and consultants, a growing percentage will go toward compliance software.
Why? Finance and information technology executives are struggling with the vast number of provisions and requirements of the Act. Section 302, for example, requires executive certification of financial reports. Section 404, which is only 168 words long, mandates that companies publish a detailed description and assessment of their internal control structure and their financial reporting procedures. This section might ultimately be the Act's most problematic requirement. Nevertheless, the SEC has named November 15, 2004 as the new date by which companies must be in compliance with Section 404.
The Act, along with this compliance date, has sparked a software renaissance not seen since the late nineties, when business-software vendors were touting end-of-the-world Y2K scenarios. Meta Group states that over fifty vendors are now marketing software specifically aimed at Sarbox Section 404. This long list includes ERP vendors, content and business-process-management specialists, upstarts and industry giants like Microsoft and IBM.
Section 404 compliance – Combining Process & Technology
Despite the pressing need to bring internal controls into compliance, fifty-seven percent of software vendors in a recent Meta survey said that sales of Sarbox products had not met their expectations. While some specialty software is making headway into IT budgets, most organizations are taking a more conservative approach, conducting early work on Section 404 using internal resources and seeking assistance from external auditors and process specialists.