The silver lining in compliance

Executives breathed a collective sigh of relief this spring when the Securities and Exchange Commission extended its deadline for public companies to comply with Section 404 of the Sarbanes-Oxley Act.

Section 404 requires executive management and independent auditors to assess and report on internal controls on a quarterly and annual basis. That's going to be challenging when one considers that almost half of all public companies in America still rely on cumbersome spreadsheets and manual processes to reconcile data used for financial reporting.

Although the SEC's extension is welcome news for those not prepared to comply with Section 404, CEOs and CFOs shouldn't relax just yet--nor should CIOs who are increasingly being looked to for answers on how to institute strong internal controls that can stand up to repeated audits. By granting the nine-month extension, the SEC is sending a message that it takes Section 404 compliance seriously, so seriously that it is willing to give companies more time to put the right systems, processes and controls in place to prevent the likes of another Enron or WorldCom.

Executives who fail to take advantage of this extension do so at their own peril. CFOs without strong internal controls will be held accountable if something goes wrong and could be at risk for jail time. Already, the Department of Justice has opened more than 150 investigations into allegations of corporate fraud since the Enron scandal. And jail time isn't the only repercussion: Once Section 404 goes into effect on June 15, 2004, public companies not prepared to sign off on the adequacy of their internal controls could also face the wrath of Wall Street in the form of ratings downgrades and market sell-offs.

With multiple deadlines looming, many companies are getting out their checkbooks in search of a "silver bullet" solution. They want something they can implement quickly and inexpensively to restore confidence and ensure compliance with Section 404 and other mandates around real-time reporting and disclosure.

However, the savviest companies are looking for the silver lining in compliance, not the silver bullet. They view Sarbanes-Oxley as the catalyst for systemic change and financial transformation, and are using the legislation as the lever to invest in new technologies that will strengthen their ability to execute on corporate goals as the economy recovers.

CFOs without strong internal controls will be held accountable if something goes wrong and could be at risk for jail time.

Their top investment priorities will be technologies that support a companywide, best-practice approach to regulatory compliance and enterprise performance. Such an approach will focus on automated business processes and embedded systems controls--not on error-prone spreadsheets--to ensure that corporate disclosure and financial reporting requirements are defined clearly, performed consistently and managed effectively.

Well-designed controls are synonymous with best practices. They provide the foundation for creating world-class finance organizations able to deliver both regulatory compliance and enterprise performance. And in the case of Section 404 compliance, automated internal controls that are embedded into all financial processes are critical, providing checks and balances that a standalone reporting system cannot ensure.

The best companies rely on strong internal controls and monitoring systems to achieve the following benefits:

• Elimination of redundant or inefficient control activities. The better companies carefully assess their control environments to eliminate processes that are duplicative or ineffective. This saves time and money. In fact, these organizations typically have lower finance costs as a percent of revenue than average companies.

• Standardized and simplified systems. By limiting the number of systems and application interfaces they use, companies can reduce the likelihood of missing data and time-consuming reconciliation. Standardizing on a single system ensures consistent enterprisewide processes, better visibility across the company and decreased maintenance costs.

• Increased accuracy and effectiveness. World-class companies use best-practice reporting from a data warehouse to produce reliable and timely financial reports, and run their business based on consistent and relevant information. With trustworthy data, management will be able to hold employees accountable for results.

Here are the benefits up and down the line.

CEOs and CFOs benefit by achieving the accuracy, integrity and reliability they need in their internal controls and processes to certify financial reports with confidence.

CIOs win by becoming strategic partners with their financial organizations, using financial best practices to drive down transaction costs, improve decision support, extend control and accountability, and maximize profitability.

And employees and shareholders fare well when best practices are dedicated toward improving corporate governance because the markets award higher valuations to companies demonstrating leadership in areas such as financial transparency and real-time corporate disclosure.