TORONTO — Corporate compliance with the American Sarbanes-Oxley Act should also be an opportunity to improve internal IT management, experts told a briefing on the subject Thursday.
Inspired by Enron and other recent accounting scandals, the 2002 act is designed to curb corporate reporting
fraud in U.S. companies. Canadians also have to comply if their companies are listed on American stock exchanges or report to an American head office. There are also rumours that the Ontario Securities Commission will soon issue legislation similar in tone to Sarbanes-Oxley.
“”Through Sarbanes-Oxley, you have the opportunity to improve the underlying business processes, said BearingPoint manager Vic Gulewicz, based in Liberty Corner, N.J. “”There’s process, people and technology associated with that.””
The final rules of one of the crucial facets of the act — Section 404, internal control report and external auditor attestation — has been delayed from Sept. 15, 2003 to June 15, 2004. Gulewicz described the delay as “”an opportunity for clients to do this right and do it one time.””
The onus of the act is on corporate accountability, but Gulewicz said IT may have a crucial role to play. “”There is definitely, in our minds, a technology implication to the act,”” he said. “”I think the impact of the act is not just finance. Maybe finance needs to have a lead role . . . but everyone within the enterprise needs to be involved. . . .The initial partner in all this is the IT organization and the CIO. We need to look at the enterprise, regardless, ultimately, of what the act requires.””
A recent white paper issued by BearingPoint (formerly KPMG Consulting) says that key elements of a financial system architecture include enterprise resource planning (ERP), performance scorecarding, data warehousing and records management. The same paper quotes an AMR Research survey of Fortune 1,000 CIOs: Eight out of 10 CIOs predict that Sarbanes-Oxley will require changes to IT, but almost the same number aren’t sure what the ultimate impact will be.
Remy Miland, a senior business systems analyst at insurance firm CNA, said he was asked to attend the Sarbanes-Oxley seminar as a “”scout”” for his company. “”You know what happens to scouts . . .”” he added warily. “”It’s going to hit us. We don’t know how hard.””
CNA is an American firm and the U.S. office will likely take the lead on compliance before deciding on the best course of action for its Canadian operation, he added.
Gulewicz said companies may want to take a pilot program approach to complying with the act and tackle it one piece at a time.
Terry Furlong, a major account manager with the Canadian division of software firm Hyperion, said his company has “”seen a lot of regulations come out”” in its 20-year history. “”One thing we do know is these regulations aren’t going to stop. Things aren’t going to remain the same.””
Hyperion makes business performance management software which could help a company comply with Sarbanes-Oxley. Furlong agreed that meeting legislative requirements is also an opportunity to revisit IT infrastructure.
“”Organizations today want to have collaboration, they want to be aligned,”” he said. “”You need to have that single source of truth, that single record book. . . . That’s really what corporate management performance is all about.””
He added that accountability is not only limited to regulatory bodies, but also to a company’s partners along the supply chain.