Friday, October 29, 2004

SOX Study Uncovers More Changes in the Boardroom

Two years after the introduction of the Sarbanes-Oxley Act of 2002, corporate reform continues to impact corporate directors, according to a recent study by Corporate Board Member magazine and PricewaterhouseCoopers LLP.

The survey asked directors how much time -- more, the same, or less -- they think their boards should devote to 14 different subjects. Strategic planning was the number one action item, with 58 percent of respondents saying they'd like more time to discuss it. The other top responses were succession planning, meeting key managers, visiting work sites, and discussing the competition. While executive compensation and governance are hot topics in the press today, only 17 percent of respondents thought their boards need to spend more time on compensation issues, and only 11 percent said they should devote more time to governance guidelines. Last on the list of board priorities was compliance and regulatory issues, with only eight percent of respondents saying they want to discuss these issues at any greater length.

Even with Section 404 looming, confidence is increasing. Eighty-two percent of directors believe their company is prepared to implement Section 404 on internal control reporting. However, only 50 percent of directors surveyed think Section 404 internal control reporting requirements will make a difference in the quality of their company's financial statements; and less than half (44 percent ) think Section 302 certification of financial statements by the CEO and CFO will make a difference.

SOX Study Uncovers More Changes in the Boardroom

Tell us what you think. (0) comments.
Send to a friend:   

Thinking Beyond Sarbanes Oxley: The New Reality of Message Management

Join compliance expert, Peter Gerr, analyst, Enterprise Strategy Group (Milford, Mass.) on how to minimize business risk by implementing message archiving technologies. Carey Ransom, product manager, FrontBridge Technologies, will discuss how companies can team with a messaging services provider to simplify the task of retaining and producing important transaction registers to regulators or when required by legal discovery.

WHEN: November 9, 2004
TIME: 9AM PST / 11AM CST / Noon EST

Thinking Beyond Sarbanes Oxley: The New Reality of Message Management

Tell us what you think. (0) comments.
Send to a friend:   

Thursday, October 28, 2004

Jobs: Sarbanes Oxley (SOX) documentation professionals

JBCharles has TWO contracting opportunities for SOX Documentation Specialists with Sarbanes Oxley experience. These positions will be contract until mid-February '05. Participate in best practices meetings, document processes, and create flowcharts using Visio. Requirements include: Documentation/Technical writing experience (minimum 3 years); Previous Sarbanes experience; Familiarity with COBIT; MS Office; Visio; Excellent communication skills; and College Degree in IT preferred.

Contract is located 25-30 miles north of Nashville. Pay rate of $22-25/hr W-2 DOE or $25-28/hr 1099. Local candidates only. PLEASE, no third parties, agencies, or consulting companies.

To apply, please forward your resume to: Susan Hausman, Senior Technical Recruiter, JBCharles, Inc. - IT Resource Solutions,
shausman@jbcharles.com

inside Sarbanes Oxley jobs page

Tell us what you think. (0) comments.
Send to a friend:   

Webinar: Compliance for Sarbanes-Oxley, requirements under the OCC and the SEC, HIPAA, Gramm-Leach-Bliley, Basel II, and others

Coping with and satisfying the myriad of regulatory compliance requirements is perhaps the largest single challenge presented to IT departments in years. Sarbanes-Oxley, requirements under the OCC and the SEC, HIPAA, Gramm-Leach-Bliley, Basel II, and others all have broad implications for IT and the enterprise. Ensuring that you’re in compliance is not optional, but obligatory. How will you prepare your organization with the right answers when the questions are asked?

Join Robert Frances Group Vice-President and Senior Consultant Steve Romaine and Principal Business Analyst Ed Broderick as they discuss "coping with compliance." Mr. Romaine and Mr. Broderick will outline the issues involved and suggest ways to ensure that your organization is in compliance. The concept of data auditing will be introduced as a necessary component in compliance strategies for mitigating the risks associated with data use and meeting compliance requirements for data accountability.

Webinar: Compliance for Sarbanes-Oxley, requirements under the OCC and the SEC, HIPAA, Gramm-Leach-Bliley, Basel II, and others

Tell us what you think. (0) comments.
Send to a friend:   

Compliance and governance dictated by Sarbanes Oxley now forms bulk of E&Y business

Chairman Nick Land attributed this to companies seeking outside help to comply with governance and regulatory measures, including international financial reporting standards and Sarbanes-Oxley.

More than 50% of Ernst & Young's UK revenues now come from non-audit clients, according to the firm's annual results, published today. The firm has seen a 15% increase in fees from non-audit clients, a figure that would rise to 25% if the firm's corporate restructuring business is excluded.

Non-audit work now forms bulk of E&Y business

Tell us what you think. (0) comments.
Send to a friend:   

DaimlerChrysler says it's facing SEC investigation based on anti-bribery law, Sarbanes Oxley

"The investigation follows the filing of a whistleblower complaint with the U.S. Department of Labor under the Sarbanes-Oxley Act by a former DaimlerChrysler employee whose employment was terminated earlier this year," the company said in the earnings statement.

Chief financial officer Manfred Gentz mentioned the investigation in a conference call Thursday but provided no details. He said the allegations were "without merit" from the company's point of view.

Gentz and the earnings statement said the SEC investigation was based on the 1977 Foreign and Corrupt Practices Act, which bars U.S. companies from bribing foreign officials and requires compliance controls.

DaimlerChrysler says it's facing SEC investigation based on anti-bribery law, Sarbanes Oxley

Tell us what you think. (0) comments.
Send to a friend:   

CIO Executive Council Members Worry about Future of Information Technology in United States, Call on U.S. Congress and Academia to Help

Of those CIO Executive Council respondents impacted by the Sarbanes-Oxley (SOX) Act of 2002, the majority (73%) have a clear understanding of what the act requires. (NOTE: Following a spate of corporate scandals, the 2002 Sarbanes-Oxley Act mandated that public companies hire internal auditors to ensure that financial reporting is accurate and ethical. Public companies face deadlines as early as November 15, 2004 or as late as April 15, 2005). However, almost half (49%) do not think the requirements are fair and reasonable. And 42% believe the auditors of SOX compliance are not helpful to their organization's efforts to meet the requirements.

The new poll of chief information officers (CIOs) was conducted by the CIO Executive CouncilTM (founded by IDG's CXO Media Inc. and CIO magazine), revealing 81% of chief information offices are "extremely, very or somewhat concerned" about the future competitive advantage of the U.S. workforce in the global information technology (IT) marketplace. CIOs point to inadequate preparation from universities as a primary cause for their concern with 57% saying a lack of integration between business and IT skills is the biggest problem with today's IT education preparation programs in the U.S.

CIO Executive Council Members Worry about Future of Information Technology in United States, Call on U.S. Congress and Academia to Help

Tell us what you think. (0) comments.
Send to a friend:   

Wednesday, October 27, 2004

Meet your compliance deadline for Sarbanes-Oxley

The deadline for public companies to comply with Section 404 of the Sarbanes-Oxley Act (SOX) is November 15. Many IT pros, however, are still looking for answers to their compliance questions and have a need to know what SOX means to their organization. Below are a number of invaluable resources to use in finding those answers.

TechRepublic has published several articles over the past year that address compliance issues specifically.

Meet your compliance deadline for Sarbanes-Oxley

Tell us what you think. (0) comments.
Send to a friend:   

Big Data Issues at Smaller Companies

Many data-management requirements, most notably the dictates of Sarbanes-Oxley, initially applied only to large public corporations, but their effects are already trickling down to small and midsize businesses (SMBs). These firms must manage data just as professionally as the big guys, providing easy, reliable access to some records and guaranteeing the confidentiality of others. Some of those SMBs may want to go public someday, and they'll be subject to the same regulations as the Global 1,000. And no business of any size is immune to lawsuits, major or minor disasters, or competitive pressures.

"SMBs' storage needs aren't really different than enterprise storage needs," says Nancy Hurley, a Portland, Oregon-based senior analyst at Enterprise Strategy Group, a data-storage research firm headquartered in Milford, Massachusetts. "They want to effectively utilize resources, reduce total costs, and protect and recover business information like everyone else, just on a smaller scale."

Big Data Issues at Smaller Companies

Tell us what you think. (0) comments.
Send to a friend:   

Tuesday, October 26, 2004

White Paper: Akonix Warns Public Companies of Instant Messaging Sarbanes-Oxley Compliance Risks

Akonix Systems, Inc., the premier provider of business solutions for secure, managed and integrated multi-network enterprise instant messaging (IM), is urging organizations to make sure they have included IM as part of their Sarbanes-Oxley (SOX) compliance preparation. As a resource for SOX compliance teams and project leaders, Akonix has published a guide to SOX and IM. This leverages Akonix's extensive experience helping hundreds of corporations comply with similar requirements faced by Financial Services and Energy firms. The guide is available at www.akonix.com/soxandIM.

According to Nemertes Research, as much as 74% of all corporate IM use was initiated by employees without the sanction of corporate IT. In addition, most organizations lack systems for security, control, archiving and compliance -- across both public IM users and enterprise IM systems. For public IM, traditional measures such as firewalls can be ineffective at blocking use, therefore public companies may risk the severe penalties of Sarbanes-Oxley unknowingly. With the first major SOX deadline of November 15 fast approaching, corporations would be well served by adding a review of IM to their compliance efforts for this regulatory act.

Under sections 404 (Management Assessment of Internal Controls) and 105(b), there is an emerging consensus that best practices for compliance means establishing processes for managing electronic communications and a system for archiving relevant messages, and that instant messages should be included in these efforts.

White Paper: Akonix Warns Public Companies of Instant Messaging Sarbanes-Oxley Compliance Risks; With November 15 SOX Deadline Looming, Many Companies Face Risks from Unknown and Unmanaged IM Use

Tell us what you think. (1) comments.
Send to a friend:   

Poll: Sarbanes Oxley Deadline

How close is your company to meeting the Sarbanes Oxley deadline? Chime in on the Information Week Sarbanes Oxley poll and see how your company stacks up against others who are attempting to meet SOX compliance issues.

Poll: Sarbanes Oxley Deadline

Tell us what you think. (0) comments.
Send to a friend:   

Sarbanes-Oxley White Paper: SuperUser (Business Analyst) Access Best Practices in an Oracle Applications

The Sarbanes-Oxley Act is resulting in increased scrutiny on the access that companies have given users to the applications and data. This scrutiny is causing many companies to redefine the role of the SuperUser (sometimes referred to as Business Analyst). This white paper will address the issues that surround such access and discuss the options companies can pursue given their auditor requirements.

This paper will address how companies should handle access of the SuperUser reporting to the technical or functional groups, regardless of that person’s title. This paper will review the impact on the production and non-production environments both through the applications and at the database level. First we will review the impact on SuperUsers that work in IT, and then we will address the impact on the SuperUser reporting to the functional group.

Sarbanes-Oxley White Paper: SuperUser (Business Analyst) Access Best Practices in an Oracle Applications

Tell us what you think. (0) comments.
Send to a friend:   

FRC drafts UK rules on SarBox

The Financial Reporting Council has today published draft rules for UK and Irish companies listed on US stock exchanges on how to comply with section 404 of the Sarbanes Oxley Act.

The guide is based around the respected Turnbull guidance with which most public companies in the UK already comply. All comments must be submitted to the FRC by 30 November 2004.

Section 404 requires companies listed in the US to report on the efficacy of their internal controls on financial reporting.

Richard Fleck, chairman of the FRC's review group, said: 'The SEC has stated that the Turnbull report provides a suitable framework for evaluating the effectiveness of internal controls over financial reporting.

FRC drafts UK rules on SarBox

Tell us what you think. (0) comments.
Send to a friend:   

Monday, October 25, 2004

Rayovac's IT team discusses network security, Sarbanes-Oxley and ROI myths

Ben Bradley recently sat down for a chat with network engineer Mike Gutknecht; Brent Leland, director of business IT; and Rick Dempsey, CIO for Rayovac, to discuss the effect of Sarbanes-Oxley on IT processes, myths about ROI justification and the unanticipated benefit of Sarbanes-Oxley to IT budgets.

Ben Bradley: What is Sarbanes-Oxley?

Rick Dempsey: Section 404 of Sarbanes-Oxley (SOX) says that firms listed on U.S. stock markets must provide annual disclosures and quarterly updates to shareholders on the effectiveness of their internal controls. The executive office must see the details behind reported financial information and must know in real-time of any changes to business performance. In other words, if you aren’t secure, your controls are not effective.

Rayovac's IT team discusses network security, Sarbanes-Oxley and ROI myths

Tell us what you think. (0) comments.
Send to a friend:   

Sarb-Ox Project Following Script

I continue to get a significant amount of e-mail asking about the Sarbanes-Oxley Act, so I thought I would provide an update on our progress toward compliance. Since the last time I commented on this subject, we have come quite a ways.

A few months ago, I attended a meeting with representatives from networking, data center operations, database and application engineering, Unix and Windows NT administration and other groups to discuss control objectives for each area.

We mainly used Cobit (Control Objectives for Information and Related Technology) to help identify our controls. It provides a framework, guidelines and some implementation tools to steer companies in the right direction.

Sarb-Ox Project Following Script

Tell us what you think. (0) comments.
Send to a friend:   

Companies Are Scrambling To Meet The First Sarbanes-Oxley Act Deadline

The proprietary processes implemented by Exec Net Consulting have been updated to include additional emphasis in internal controls and corporate governance as prescribed by Sarbanes-Oxley. Steve remarks "historically compliance related to new legislation is initially focused on companies with publicly registered securities. Then the expectation for compliance is extended to privately held concerns with shareholders and third party debt. The primary emphasis of the Exec Net Consulting process is coaching management on implementing better business processes that result in growing business profits. We are now even more focused on ensuring those business processes accomplish the dual objective of increased profitability and Sarbanes-Oxley compliance.

Companies Are Scrambling To Meet The First Sarbanes-Oxley Act Deadline

Tell us what you think. (0) comments.
Send to a friend:   

Guardium Addresses Sarbanes-Oxley Compliance Solutions at Annual Cyber Security Summit for Financial Services

Guardium, Inc., a leading provider of database access security solutions, today announced that it will address how advanced database security and auditing solutions can help financial services organizations secure financial data and comply with the Sarbanes Oxley Act this week at Information Management Network's 3rd Annual Cyber Security Summit, October 27-28, 2004. Guardium will share insights about the newest database auditing and monitoring approaches and technologies that can facilitate compliance. A bronze sponsor of Cyber Security Summit, Guardium will showcase its SQL Guard solution in booth #1008 at the Metropolitan Pavilion in New York City.

"The goal of Sarbanes-Oxley is to ensure the accuracy of public companies' financial information. However, most of their financial records are stored on databases that are 'black holes' in terms of who, what, when and how they are accessed and updated," said Ram Metser, CEO, Guardium. "Shedding light on and preventing unauthorized access to sensitive financial data has been difficult, if not impossible, to undertake. It's critical that financial services companies understand how new approaches and technologies can easily enable continuous real-time visibility and auditing into database access activities for supporting critical IT governance initiatives."

Guardium Addresses Sarbanes-Oxley Compliance Solutions at Annual Cyber Security Summit for Financial Services

Tell us what you think. (0) comments.
Send to a friend:   

Wednesday, October 20, 2004

SarBox hiring to continue into 2005

Sarbanes Oxley legislation continues to boost profits at temporary recruitment agency Manpower with recruitment expected to continue into 2005, new results reveal.

Jeff Joerres, chairman and chief executive of Manpower, told investors the company had about 450 accounts generated by Sarbanes Oxley work, with many smaller companies yet to get started on compliance work.

SarBox hiring to continue into 2005

Tell us what you think. (0) comments.
Send to a friend:   

Bumper Crop of Corporate Probes

Fannie Mae, Krispy Kreme, Marsh & McLennan, American International Group. This year's "fall harvest" — another bounty of companies under investigation by the Securities and Exchange Commission, the Department of Justice, or New York State Attorney General Eliot Spitzer — provides a reminder of the value of legislation like the Sarbanes-Oxley Act.

"Hopefully, they'll put something that's more practical in place," said Daniel Ustian, chief executive officer of truck maker Navistar International Corp., at the Reuters Autos and Manufacturing Summit in Detroit earlier this month. Other CEOs in attendance made similar comments, according to the wire service.

Section 404 of Sarbanes-Oxley, which must be implemented in next year's financial filings, also came in for criticism. "The internal control part is good," Ustian told Reuters, "but they need to step back and say, 'Is this really doing anything from a practical standpoint? Is this really controlling? Is this really giving the company some benefit?'." He was obviously mindful of a recent survey by Financial Executives International, which estimated that large companies will shell out an annual average of about $8 million to comply with Section 404.

Bumper Crop of Corporate Probes

Tell us what you think. (0) comments.
Send to a friend:   

Hansen Gray Picks GT as Sarbanes-Oxley Consultant

Venture capital firm Hansen Gray & Company will use Grant Thornton as its consultant for Sarbanes-Oxley compliance and accounting information.

“Having a firm with the experience, reputation and expertise that Grant Thornton brings reflects our commitment to ensuring investor confidence as we continue to execute our business strategy,” said Mark Gray, CEO of Hansen gray, in a statement. “We intend to build value through the expansion of our investment portfolio while strengthening Hansen Gray's infrastructure, controls and public reporting. We are excited to be moving toward becoming a fully reporting and Sarbanes-Oxley compliant public company."

Hansen Gray Picks GT as Sarbanes-Oxley Consultant

Tell us what you think. (0) comments.
Send to a friend:   

Tuesday, October 19, 2004

Managing the Next Phase of Compliance

Now that the end of the initial compliance phase of Section 404 of the Sarbanes-Oxley Act is upon us, can organizations rest easy? According to a recent survey, the real work remains to be done.

Ventana Research sees the issues of compliance, audit, and control entering a new phase. In our judgment, the post-scandal period that drove the passage of the Sarbanes-Oxley Act (SOX) is coming to a close. For the past two years, all U.S. public companies -- and even some others that have no legal obligation -- have been scrutinizing and correcting their financial control systems to comply with Section 404 of the act (by far the most onerous element of reform for a public company). For most of these companies, the distraction and anxiety associated with meeting the act's requirements will dissipate over the next couple of months as they complete their initial compliance phase.

Managing the Next Phase of Compliance

Tell us what you think. (0) comments.
Send to a friend:   

Monday, October 18, 2004

Virtusa Corporation Selects OpenPages SOX Express for Sarbanes-Oxley Compliance

OpenPages, a leading provider of enterprise governance, risk and compliance management solutions, today announced that Virtusa Corporation (Virtusa) has selected OpenPages Sarbanes-Oxley Express (SOX Express) for its Section 302 and 404 compliance initiatives.

A global software development and IT services firm, Virtusa specializes in building super-efficient, software platforms tailored exclusively to meet each client's business agility and IT efficiency objectives. Since 1996, Virtusa has partnered with global Fortune 1000 enterprises and leading software product companies to design and develop hundreds of client-specific platforms. Headquartered in Massachusetts, Virtusa has offices and technology centers throughout the US, UK and Asia.

Virtusa will deploy SOX Express to streamline its internal control documentation. It will enable the collection of information regarding ongoing business controls deployment and monitoring, resulting in a reduction of compliance costs. By combining a strong document repository with powerful compliance automation capabilities, SOX Express will facilitate both project management and compliance, using web-based tools to get users up to speed quickly.

Virtusa Corporation Selects OpenPages SOX Express for Sarbanes-Oxley Compliance

Tell us what you think. (0) comments.
Send to a friend:   

Sunday, October 17, 2004

Preparing the Marketing Department for Sarbanes-Oxley Compliance

As companies work to meet the regulatory standards of the Sarbanes-Oxley Act, they are experiencing the legislation's effects well beyond their finance department, compelling internal marketing professionals to focus on how regulation extends to marketing and customer-related functions.

CRM-related processes like marketing discretionary spending, sales revenue recognition, service credits and product returns each have a direct effect on financial reporting. An integrated CRM system can help companies establish controls for the financial reporting related to these processes to easily support compliance with the legislation.

Sarbanes-Oxley requires companies to establish and maintain an adequate set of internal controls for accurate financial reporting that can be audited by a third party [Section 404]. The CRM-related processes outlined above all affect a corporation's financial reporting -- and may not be top-of-mind when planning the overall strategy for Sarbanes-Oxley compliance.

Several other sections of the legislation [302 and 401(b)] have implications for customer-facing activities, including the requirements that sales figures reported for the prior year are correct. Section 409 requires companies to report material changes to financial conditions, such as the loss of a strategic customer or significant customer claims about product quality.

Preparing the Marketing Department for Sarbanes-Oxley Compliance

Tell us what you think. (1) comments.
Send to a friend:   

Saturday, October 16, 2004

Sarbanes-Oxley: Lack Of IT Controls Seen As Reason For Earnings Restatement

As a key Sarbanes-Oxley Act deadline looms, CIOs are coming to grips with the central problem of determining where financial controls leave off and IT controls begin. The problem isn't an academic one: Those companies that fail to learn the lesson could find their top execs behind bars.

Beginning Nov. 15, companies must, under section 404, include a statement attesting to the effectiveness of internal controls over financial reporting with their 2004 annual reports.

The point was driven home by this week's disclosure by SunTrust Banks that it is restating its earnings upward for the first two quarters of 2004 and delaying its third-quarter earnings statement because of improper accounting procedures in its auto finance division. The bank revealed that it had mistakenly used gross charge-offs instead of net charge-offs to compute its loan-loss reserves.

InformationWeek > Sarbanes-Oxley: Lack Of IT Controls Seen As Reason For Earnings Restatement

Tell us what you think. (0) comments.
Send to a friend:   

CRN Systems Integrator Roundtable: Where Integration Is Heading

Bob Suh, partner with Accenture; Marie Rielly, client vice president at SBI.enteris; and Woo Song, chairman of Intrasphere, gave their perspective on such topics as Sarbanes-Oxley, offshore outsourcing and building global delivery capabilities. The excerpts of the discussion can be found by clicking the link below.

CRN Systems Integrator Roundtable: Where Integration Is Heading

Tell us what you think. (0) comments.
Send to a friend:   

Friday, October 15, 2004

Instant messaging could land bosses in jail

UK firms could be breaking compliance laws by using instant messaging, and banning the applications may not be successful. Many companies use IM in the belief that it is exempt from compliance laws, such as Sarbanes-Oxley and Basel II. These regulations demand that companies store all their data for at least seven years. If companies fail to deliver on the regulations, chief executive officers and chief financial officers could be liable to go to jail.

"People are coming to us worried about it," said Mark Smith, a solicitor for Olswang. "There are two problems -- unauthorised use of IM, and from a legal perspective all the [compliance] issues that apply to email apply to IM too."

Instant messaging could land bosses in jail

Tell us what you think. (0) comments.
Send to a friend:   

Big Four shop overseas for Sarbox talent

Some of the UK's biggest accounting firms have begun heavily recruiting staff from abroad, particularly from eastern Europe, because demand is far outweighing supply for Sarbanes-Oxley expertise.

KPMG has one of the most established recruitment programmes. Recruitment director Keith Dugdale said that, since last year, the firm had been drafting in accountants from central and eastern Europe where educational standards and expertise is high.

Glyn Barker, UK head of practice assurance at PricewaterhouseCoopers, said the firm 'constantly has international secondment programmes' in place to ensure it was able to cope with increased workloads in particular areas.

Ernst & Young and Deloitte were not available for comment.

Big Four shop overseas for Sarbox talent

Tell us what you think. (0) comments.
Send to a friend:   

Deloitte Launches Sustained Compliance Solution Framework

Deloitte today introduced their Sustained Compliance Solution Framework as part of an integrated offering that is designed to help organizations move beyond the first year legal requirements of the Sarbanes-Oxley Act of 2002 and achieve sustained compliance.

According to Deloitte, most companies have focused principally on documenting, evaluating, testing, and remediating controls in preparation for the first-year internal control reporting requirements mandated by section 404 of Sarbanes-Oxley. Recognizing the effort that was necessary to meet first-year requirements, many companies are beginning to ask how they can comply with Sarbanes-Oxley using a more efficient approach that maintains quality, integrates assessment activities into the company's operations, reduces cost of compliance, and more effectively utilizes company resources.

"Our experience indicates Sarbanes-Oxley market leaders have already taken that look forward, and are beginning to move from 'project' to 'program' to operationalizing the processes. They are building a sustainable infrastructure that is integrated into their current and ongoing operations -- one that leverages their people, process and technology," said Thomas Church, partner, Deloitte & Touche LLP. "Our Sarbanes-Oxley Sustained Compliance Solution Framework can help management accomplish this -- while helping them meet their regulatory obligation to assess controls quarterly and annually, and to certify to the effectiveness of those controls and the accuracy and reliability of the financial results."

Deloitte Launches Sustained Compliance Solution Framework

Tell us what you think. (0) comments.
Send to a friend:   

Observations from the Sarbanes-Oxley trenches

A lot has transpired since I last wrote about the “Technology Implications of Sarbanes-Oxley” earlier this year. With Section 404 effective dates right around the corner, the emotions of CEOs, CFOs, audit committee members and external auditors are in high gear as many of them are closing in on their first round of reporting.

Wide speculation is that many companies’ material weaknesses will be tied to IT deficiencies. IT has traditionally been viewed as overhead burden by organizations. Now IT is rightfully being recognized as a key foundation of an effective internal control system and therefore very relevant to the ultimate success of the Section 404 initiative.

Virtually everyone from the board room, executive management and audit firms is apprehensive, perhaps even paranoid, about those two little paragraphs of Section 404 of the Sarbanes-Oxley Act of 2002, or SOX, titled “Management Assessment of Internal Controls.” Section 404 requires public companies to report annually on the effectiveness of their internal controls over financial reporting. It also requires their independent auditor to attest on management’s conclusions, as well as render a separate opinion on the effectiveness of management’s controls.

Observations from the Sarbanes-Oxley trenches

Tell us what you think. (0) comments.
Send to a friend:   

Thursday, October 14, 2004

Software helping companies beat Sarb-Ox deadline

Some companies that have until 2005 to document their financial controls under Section 404 of the Sarbanes-Oxley Act, such as Becton, Dickinson and Co., are using documentation software to avoid having to rush their work at the last minute.
Under Section 404 of the Sarbanes-Oxley Act of 2002, most large companies must document in their annual reports the financial and IT controls they have in place for fiscal years ending on or after Nov. 15, 2004. But companies whose fiscal years end before Nov. 15, such as BD, don't have to meet first-time compliance requirements until next year.

Instead of holding off on documenting those controls, BD is using Web-based software from Westford, Mass.-based OpenPages Inc. to help it get ahead of the curve.

"We realized quickly that we could do this [documentation] via Word or Excel spreadsheets, but that wouldn't have been cost-effective or efficient," said Mark Lubas, associate director of continuous assurance for the Franklin Lakes, N.J.-based medical technology company. Instead, BD began evaluating documentation software from 25 vendors in May 2003 and settled on the OpenPages system later that year. BD installed the software on its corporate intranet in late 2003.

Software helping companies beat Sarb-Ox deadline

Tell us what you think. (0) comments.
Send to a friend:   

Automating Auditing with Ecora

A particularly challenging area of Sarbanes-Oxley involves IT assessment and controls, a key area since so many of today’s business processes are IT-driven. Generally, corporate Sarbanes-Oxley Compliance Teams include someone with deep IT background to ensure IT issues are considered during implementation.

This guide was developed to help IT Management understand and improve the compliance process.

Tell us what you think. (0) comments.
Send to a friend:   

Siebel Sees Sarbanes-Oxley Taking Toll On Economy

Speaking to a gathering of private equity investors and startups seeking funding Tuesday night in Silicon Valley, the founder and chairman of Siebel Systems Inc. questioned whether the biggest business opportunities lie in the United States, blaming the Sarbanes-Oxley Act and all the hand-wringing over how stock options are expensed for a business environment that's taken top execs further away from their customers than ever.

"We might have killed the goose that lays the golden egg," Siebel told those gathered for an annual cocktail event put on by Silicom Ventures, a sort of private equity matchmaking group. Siebel said the costs associated with Sarbanes-Oxley haven't been calculated yet, as management teams spend increasing amounts of time sweating over issues that affect margins rather than on big-picture business decisions. Perhaps the most damaging impact, he said, is the creation of an increasingly risk-averse business infrastructure. "You're mitigating every possible risk that can be conceived," Siebel said. "Risk didn't use to be a bad thing."

Siebel Sees Sarbanes-Oxley Taking Toll On Economy

Tell us what you think. (0) comments.
Send to a friend:   

White Paper: Sarbanes-Oxley: Consolidation, Reporting and Content Management Technology Considerations

The Sarbanes-Oxley Act of 2002 led to the most sweeping compliance and procedural requirements since financial regulations of the 1930s. Intended to reduce fraud and failures in corporate reporting, the scope of these actions is all encompassing, affecting audit firms, Wall Street analysts, boards of directors and corporate executives. Published reports about the effects of these actions abound, particularly relating to Sarbanes-Oxley compliance.

This white paper focuses on three critical areas: financial consolidations, budgeting and forecasting, and control repository and document management.

White Paper: Sarbanes-Oxley: Consolidation, Reporting and Content Management Technology Considerations

Tell us what you think. (0) comments.
Send to a friend:   

Wednesday, October 13, 2004

Fool.com: Nightmare on Sarbanes Street

Ironically, while Sarbanes-Oxley is meant to help shareholders, we are seeing examples of the opposite result. Many small-cap companies, such as Homestore (Nasdaq: HOMS), have been disproportionately affected by the surging compliance costs of Sarbanes-Oxley. It can easily cost in excess of $1 million per year for a small-cap company. Recently, Bill Mann pointed out the problems in Your Ownership Is Revoked.

Another impact: Prospective IPO candidates may stay private. Thus, we may be missing the next Microsoft (Nasdaq: MSFT) or Starbucks (Nasdaq: SBUX).

And another impact: Some public companies may decide to go private. This is not necessarily bad for shareholders, as the going-private transaction is usually at a premium to the current stock price. For example, this was the case with Cox Communications (NYSE: COX).

Fool.com: Nightmare on Sarbanes Street

Tell us what you think. (0) comments.
Send to a friend:   

An Overflow of Experts

Sarbanes-Oxley has pushed boards’ use of independent experts to a whole new level. There are a lot more of them, and they’re being called upon in circumstances that in the past would have been either handled by insiders or ignored altogether.

“For years directors have brought in outsiders to opine about merger-and-acquisition transactions,” says Duke K. Bristow, an economist at UCLA’s Anderson School of Management. “What Sarbanes-Oxley has changed is the number and visibility of issues where directors feel the best process requires an outside opinion.”

A recent survey by the National Association of Corporate Directors found that 42.5% of board governance committees are hiring outside consultants to coordinate and lead the search for qualified directors, up from less than 15% two years ago. “That large an increase is absolutely staggering,” says Roger Raber, the NACD’s president and CEO. Boards are using outside experts for a multitude of purposes, but the most pressing need for them is to make sure directors have a complete understanding of Sarbanes-Oxley regulations. In the Corporate Board Member/ PricewaterhouseCoopers survey of directors, 67% say they agree with the Sarbanes-Oxley “requirement that the external auditor assess the effectiveness of the audit committee’s oversight of the external financial reporting process.” And 70% support “the requirement that the external auditor assess the effectiveness of the audit committee’s oversight of the internal control over financial reporting.”

An Overflow of Experts

Tell us what you think. (0) comments.
Send to a friend:   

Tuesday, October 12, 2004

Moneymakers: Hal Degenhardt on Sarbanes-Oxley

Out of anger, haste and politics came Sarbanes-Oxley, but it did serve as a useful shot in the arm to investor confidence. There's a lot of focus on internal controls, on the board of directors, audit committees. I think it's sending a message to boards to ask tougher questions and change the culture of the board room.

I'd like the ability to let companies that want to cooperate with us turn over reports from their outside law firms and general counsel do so without waiving their attorney-client privilege.

Moneymakers: Hal Degenhardt on Sarbanes-Oxley

Tell us what you think. (0) comments.
Send to a friend:   

Accountants riding the Sarbanes-Oxley wave

Over the past two years, accountants and other employees at Iron Mountain Inc., the Boston-based records-management company, have put in over 40,000 extra hours of work, estimates Jean Bua, the company's corporate controller and chief accounting officer. Those hours were needed to make sure the company met the requirements of the 2002 Sarbanes-Oxley Act, passed after accounting scandals at several companies, including Enron, WorldCom, and Tyco.

Sarbanes-Oxley is ''the single most wide-sweeping piece of legislation affecting the accounting profession in my 30 years in the business,'' said William Hayes, president of the New England district at Robert Half International, a financial staffing firm. ''It's affected all levels, depending on the size and internal structure of the company.''

For example, Hayes said, companies and external auditors need accountants with at least three to five years of experience to handle the relatively challenging work related to Sarbanes-Oxley. In many cases, however, these people have been promoted at their own companies or accounting firms, which has opened up new entry-level positions.

Accountants riding the Sarbanes-Oxley wave

Tell us what you think. (0) comments.
Send to a friend:   

Web Services based APIs

"We developed a highly successful application for Sarbanes-Oxley compliance using Plumtree's open and flexible platform," said Stuart Claggett, chief operating officer at HandySoft. "The new remote APIs for Collaboration and Search Server expand on that open platform and will let us add new collaborative and search elements to future versions of the SOXA Accelerator more quickly and easily."

Using Plumtree's Web services-based APIs, developers can embed elements of Plumtree's proven collaboration and search products in a variety of Web applications inside and outside of the portal. As a result, Plumtree customers are able to build more cohesive, contextual applications to serve their customers, partners and employees.

Web Services based APIs

Tell us what you think. (0) comments.
Send to a friend:   

Sarbanes-Oxley Legislation 404: Taking Control Through Expense Management

By attending this web-based seminar, management executives with responsibility for implementing or working with Sarbanes-Oxley legislation for their organization will gain an understanding of industry trends and the ability to take control with expense management automation regarding Sarbanes-Oxley 404 legislation. They will also understand the importance of corporate governance around travel and entertainment spending and the role of expense management programs in supporting Sarbanes-Oxley legislation.

Sarbanes-Oxley Legislation 404: Taking Control Through Expense Management

Tell us what you think. (0) comments.
Send to a friend:   

Taxware simplifies Sarbanes-Oxley Compliance with TaxSolver 4.2

Taxware, a leading provider of tax calculation and compliance solutions and subsidiary of First Data Corp. (NYSE: FDC), today announced the launch of TaxSolver 4.2, the industry’s first tax return generation software package to include Sarbanes-Oxley compliance functionality. With this new release, users easily can view their current liability (i.e. tax calculated) versus compliance profile (i.e. tax remitted) from a sales tax return perspective. These new abilities make possible both the creation of reports for audit purposes and an unmatched level of control for tax directors working to meet upcoming compliance deadlines.

“Our customers believe that Sarbanes-Oxley compliance is the most critical issue they encounter,” said Jayme Fishman, Taxware’s senior vice president of sales, marketing and business development. “With TaxSolver 4.2, enterprises are presented with a streamlined summary of their compliance situations, allowing them to identify quickly any trouble areas, and deploy resources accordingly.”

Taxware simplifies Sarbanes-Oxley Compliance with TaxSolver 4.2

Tell us what you think. (0) comments.
Send to a friend:   

Monday, October 11, 2004

Video: The Finance Leadership Forum: Living In Interesting Times

Nasdaq CEO Robert Greifeld discusses his challenges, from electronic communications networks on the rise to Sarbanes Oxley.

Video: The Finance Leadership Forum: Living In Interesting Times

Tell us what you think. (0) comments.
Send to a friend:   

SEC: Time May Run Out on Internal Controls Compliance, Sarbanes-Oxley

Public companies are required by the Sarbanes-Oxley Act of 2002 to assure investors that internal controls are adequate. Assertions must be backed up by outside auditors.

In coming months, "a number of companies will announce that they have material weaknesses in their controls," SEC Chief Accountant Donald Nicolaisen cautioned in a speech in Chicago on Thursday.

Do not expect the SEC to delay the upcoming Nov. 15 deadline for larger firms. "We do not have any intent to introduce another delay into the system," Nicolaisen said in an interview Friday with Dow Jones Newswires. Smaller firms must comply after July 15, 2005.

Results of the reviews will appear in company annual reports, due out in the first quarter of next year. Nicolaisen told Dow Jones Newswires that he expects firms that don't complete the reviews in time to take preemptive strikes by issuing press releases or filing an 8K report with the SEC to explain the delay. Some believe the number of companies falling into this category could range from less than 5 percent to more than 20 percent.

SEC: Time May Run Out on Internal Controls Compliance, Sarbanes-Oxley

Tell us what you think. (0) comments.
Send to a friend:   

Tools: Aleri Releases Aleri Analysis Engine 3.0

Aleri, a provider of innovative aggregation and analytics software today announced a general availability release of their flagship product, the Aleri Analysis Engine 3.0 at the Sibos Conference in Atlanta, GA. The Aleri Analysis Engine provides users with the visibility and flexibility to more quickly and easily comply with increasing regulatory requirements such as Basel II or Sarbanes-Oxley. Based on breakthrough technology, the Aleri Analysis Engine 3.0 provides companies with greater visibility into their data, accelerating the performance of business intelligence and reporting environments.

"Critical business initiatives such as financial reporting, compliance and business activity monitoring require the ability to aggregate, analyze and update large volumes of data on-demand, while accommodating frequent business change," said Don DeLoach, president and CEO, Aleri. "The Aleri Analysis Engine 3.0 delivers on this need, providing business with greater visibility on their information assets while leveraging existing investments in business intelligence and reporting tools."


Tool: Aleri Releases Aleri Analysis Engine 3.0: "Sarbanes"

Tell us what you think. (0) comments.
Send to a friend:   

Endovasc Enacts Sarbanes-Oxley Compliant Initiative; Business Development Company Adopts New Code of Ethics

Endovasc Inc. (OTCBB: EVSC), a drug development company that has pioneered new cardiovascular and metabolic drug therapies, announces that as a Business Development Company its senior executives and financial officers have adopted a more stringent code of ethics that maintains the standards of business conduct to ensure compliance within the legal requirements of the Sarbanes-Oxley Act of 2002, specifically Section 406.

In addition to compliance with legal requirements, the purpose of adopting this code is to deter wrongdoing and promote ethical conduct, including full, fair, accurate and understandable disclosure of financial information in the periodic reports of the Company.

According to Dwight Cantrell, CFO of Endovasc, Inc., "The matters covered in this Code are of the utmost importance to the Company, our stockholders and our business partners, and are essential to our ability to conduct our business in accordance with our stated values. Financial executives hold an important and elevated role in corporate governance and are uniquely capable and empowered to ensure that stockholders' interests are appropriately balanced, protected and preserved. Accordingly, this Code provides principles to which financial executives are expected to adhere and advocate. This Code embodies rules regarding individual and peer responsibilities, as well as responsibilities to the company, the public and others."

Endovasc Enacts Sarbanes-Oxley Compliant Initiative; Business Development Company Adopts New Code of Ethics

Tell us what you think. (0) comments.
Send to a friend:   

Sunday, October 10, 2004

Software's Next Step

It's no coincidence that services-oriented architectures are maturing at the same time that businesses are doing other housekeeping. Because they encompass auditable business-process management, services-oriented architectures can help companies achieve compliance with Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, and other regulatory requirements. Analyst Stephen O'Grady with IT research firm RedMonk refers to the idea as a "compliance-oriented architecture." For example, electronic-record retention could be manifest as a software service that's reused whenever saving records is a requirement, O'Grady writes in a recent report.

Software's Next Step

Tell us what you think. (0) comments.
Send to a friend:   

Friday, October 08, 2004

SEC Speech: The Themes of Sarbanes-Oxley as Reflected in the Commission's Enforcement Program: September 20, 2004 (Stephen M. Cutler)

I'll come back to those themes at greater length, but at the outset, it's worth noting there has been a lot of debate, particularly in recent months, about the efficacy of the Sarbanes-Oxley Act: Even before its requirements have become fully effective, some have begun to question whether the burdens it imposes are justified. Was such a tectonic shift in our regulatory landscape really needed? Was Sarbanes-Oxley wise policy or was it a politically-driven overreaction to the scandals that gave rise to it? For what it's worth, I come down on the side of the legislation. As memories of Enron, WorldCom, Tyco, Adelphia, HealthSouth and other examples of appalling corporate behavior begin to fade, perhaps it shouldn't come as a surprise that the benefits of Sarbanes-Oxley would be heavily discounted and that the critics would focus almost exclusively on the burdens of its requirements. While I'd be the first to acknowledge that the legislation's costs are not insignificant, I also think it would be a profound mistake to roll back or dismantle the statute's central dictates - particularly before we've had the opportunity to see them at work. And of course, many of the compliance costs imposed by the statute are likely to be higher in the first year or two than they'll ultimately be down the road. In the meantime, I can assure you, the Commission has been, and will continue to be, sensitive to the costs imposed by Sarbanes-Oxley as it implements the Act's provisions.

SEC Speech: The Themes of Sarbanes-Oxley as Reflected in the Commission's Enforcement Program: September 20, 2004 (Stephen M. Cutler)

Tell us what you think. (0) comments.
Send to a friend:   

Sarbanes-Oxley Act and SSH Tectia (PDF)

The SSH Tectia solution can help public companies implement technical security controls as a part of the Sarbanes-Oxley Section 404 compliance plan. By incorporating confidentiality, integrity, and authentication as security services within the corporate network, SSH Tectia enhances the financial reporting reliability by preventing illegitimate modification of financial data, or unauthorized access to accounting information. The centralized monitoring capabilities of SSH Tectia Manager ensure accountability of secure connections including administration access to managed servers which results in improved internal control and auditing.

Sarbanes-Oxley Act and SSH Tectia (PDF)

Tell us what you think. (0) comments.
Send to a friend:   

Mr. Clean

The repair work has not been cheap. Tyco has spent $30 million to comply with the Sarbanes-Oxley Act, which places strict financial controls on corporations. The company spent $1.5 million this year developing integrity guidelines and training for managers and employees.

Mr. Clean

Tell us what you think. (0) comments.
Send to a friend:   

Bringing Business Intelligence to the Masses

High on the list of factors feeding the burgeoning growth rate of BI is an increasingly strict regulatory environment for businesses. Government regulations, primarily in the form of the Sarbanes-Oxley Act in the U.S. and the Combined Code on Corporate Governance in the U.K., are fueling the drive to make companies more honest and open with their corporate information and in their external reporting. Hence the need for business intelligence tools to help companies comply with new government regulations.

Control is another key issue—specifically, greater control over a widening flow of data. According to Gartner Group, by 2012, global companies will have to handle 30 times more data than they do in 2004. A data avalanche of that volume will cause widespread information-system overloads, causing companies to look for better metrics and systems to manage more corporate information. The expected high price of such BI systems—already $250,000 for installation and $1 million and up for maintenance—will rise exponentially and could give pause to cash-strapped companies.

Bringing Business Intelligence to the Masses

Tell us what you think. (0) comments.
Send to a friend:   

ISD Conference '04: Regulatory compliance in the real world

The best way to meet "squishy" security provisions in regulations like Sarbanes-Oxley is to match appropriate controls against anticipated threats and create a defensible case to support those decisions. Otherwise, enterprises risk devoting too few -- or directing too many -- resources to come into compliance, according to Paul Proctor, META Group's vice president of security and risk strategies.

Corporate governance-oriented SOX, which holds public companies' top executives accountable for internal data controls, is especially vague on security. "Sarbanes-Oxley is the absolute worst," Proctor said. "They don't tell you what you need to do at all. Of course, they'll throw you in jail if you don't do it properly."

ISD Conference '04: Regulatory compliance in the real world

Tell us what you think. (0) comments.
Send to a friend:   

Thursday, October 07, 2004

Change management provides a launchpad for SOX audits

When auditors come to your company to perform Sarbanes-Oxley auditing one of the first groups they will talk with is the Change Management department. From an auditor’s perspective, Change Management is one of the best places to begin to understand how your company performs and controls its work, since most if not all the changes to your production environment flow through your group.

Of course, if you work in Change Management, you long ago realized that you had a bull's-eye painted on your forehead and are used to the scrutiny. However, since this is the first time you have gone through a SOX review, you may be wondering what you are up against and will this audit differ from previous audits.

To find out, I spent some time chatting up the manager of change management for a Fortune 500 company about his experiences dealing with SOX audits.

Change management provides a launchpad for SOX audits

Tell us what you think. (0) comments.
Send to a friend:   

Craft your SOX narrative to streamline future documentation efforts

As we enter the fourth quarter of 2004, you may find yourself gazing with satisfaction at the stack of documentation you have created and brought up to date for your SOX audit—a job well done. Savor this moment because it is quite likely you have more writing ahead of you.

Ultimately, the audit staff may read every bit of the documents you have created in order to design their tests. However, staring at a tall stack of documentation, they may feel overwhelmed. To get a handle on your processes and documentation, the auditors may ask you for a guide to help them understand it all now. Typically, this guide will take the form of a narrative (or several narratives) that tell the story in words and pictures of how your group performs its processes. In this column, we will give you some tips that will speed your narrative writing process.

Craft your SOX narrative to streamline future documentation efforts

Tell us what you think. (0) comments.
Send to a friend:   

Resellers Rally 'Round SOX (Sarbanes-Oxley)

Sarbanes-Oxley was originally considered a boon to storage vendors because it requires organizations to retain more information and have the ability to produce it quickly when audited. But Veritas Software Corp. (Nasdaq: VRTS) and other software companies said sales dropped in June as organizations curtailed spending while concentrating on reaching compliance.

"Sarbanes-Oxley did not have that much impact on overall IT, and almost no impact on infrastructure at all," Baird analyst Dan Renouard says. “There were a lot of fears that it would hurt the market, as companies would delay spending and lock down their systems. Then Veritas missed its numbers and pointed to Sarbanes-Oxley as a major reason why."

Resellers Rally 'Round SOX (Sarbanes-Oxley)

Tell us what you think. (0) comments.
Send to a friend:   

IBM, partners roll out ID management suite

IBM and partners have developed a new solution to address U.S. government regulations such as Sarbanes-Oxley that require companies to adopt new security measures. The new system -- using IBM's Tivoli ID management software and products from ActivCard Inc., Bioscrypt Inc., ImageWare Solutions Inc., and VeriSign Inc. -- allows clients to link biometric security, such as fingerprint scans, with applications and networks. In a demonstration, IBM employees created a smart card within minutes that could be used with a fingerprint scan for a company employee to gain access to a building and to the employee's computer. The card can also be used as a traditional swipe card to gain access to a lunchroom meal plan or a company parking lot. The smart card could contain several other applications, including digital certificates.

IBM, partners roll out ID management suite - Computerworld

Tell us what you think. (0) comments.
Send to a friend:   

IT Worker Confidence Takes a Dip

Among the hottest IT skills being sought are those related to network security and compliance with government regulations, such as Sarbanes-Oxley, she says, adding, 'IT people with those skills should feel very confident right now' about job security. "

Other IT worker confidence declined in September after several months of increases, but it remains high relative to the confidence of workers in other industries.

IT Worker Confidence Takes a Dip

Tell us what you think. (0) comments.
Send to a friend:   

Ernst & Young Review Raises New Independence Questions

Accounting experts say the issues Ernst has identified appear minor compared with some of the consulting and other services that auditors routinely performed for clients prior to the 2002 Sarbanes-Oxley Act. And the latest issues aren't on the same scale as Ernst's PeopleSoft agreements, through which the firm received nearly $500 million from 1994 to 1999.

Ernst & Young LLP, which earlier this year was punished for violating auditor independence rules, is telling regulators and some of its clients that it has identified issues that may compromise the accounting firm's independence, according to company disclosures.

In reporting the latest independence issues, some accounting experts say, Ernst apparently is erring on the side of caution because of its previous run-ins with regulators, as well as the fact that the entire accounting industry has come under fire for failures to stop corporate scandals. In a number of cases, Ernst highlighted issues that regulators or the companies themselves determined didn't compromise the auditor's independence.

Ernst & Young Review Raises New Independence Questions

Tell us what you think. (0) comments.
Send to a friend:   

PeopleSoft and Deloitte Launch New Service to Address Corporate Governance

PeopleSoft Inc. recently introduced Governance Jumpstart, a combination of software and services that will enable organizations to more effectively address evolving regulatory and compliance requirements. The new service combines Deloitte's expertise in risk management and internal controls with PeopleSoft's experience in applying best practices to automate financial processes for compliance. Governance Jumpstart addresses IFRS, Sarbanes-Oxley and Basel II regulations for compliance and will initially be offered in the United Kingdom.

Governance Jumpstart provides organizations with a compliance benchmarking analysis from Deloitte and PeopleSoft. The benchmark analysis will assess an organization's compliance systems and processes currently in place, and provide recommendations to improve business processes and the supporting IT infrastructure.

PeopleSoft and Deloitte Launch New Service to Address Corporate Governance

Tell us what you think. (0) comments.
Send to a friend:   

Corporate Governance Reforms Manageable and Permanent, According to Global Survey of Senior Executives

The recent reforms of corporate governance standards have been broadly accepted by senior business leaders worldwide, according to Corporate Reputation Watch (CRW), Hill & Knowlton's annual survey of global management on business reputation issues. According to the study, corporate leaders have overcome their initial misgivings about the potential administrative and financial burdens of complying with the requirements of the Sarbanes-Oxley era.

Only eight percent of senior executives surveyed believe that the task of complying with the new financial disclosure and corporate governance standards poses a real challenge to running a competitive business, while almost half (45 percent) say the compliance burden is "heavy but manageable." Expressing no misgivings about the compliance requirements, 48 percent say that the burden is "reasonable." Moreover, almost two-thirds of those surveyed believe that it is no more difficult to recruit board members today than it was before the new governance reforms were adopted.

Corporate Governance Reforms Manageable and Permanent, According to Global Survey of Senior Executives

Tell us what you think. (0) comments.
Send to a friend:   

Too much auditing, not enough auditors

In the past several months, scores of small companies across Silicon Valley and the country have been getting the same news. Auditors, especially those at the largest Big Four accounting firms, are turning their focus to their big-fish clients, leaving the small ones to flop on the deck.

For many dumped companies, it's a painfully bad time to lose their auditors. Deadlines are looming for all publicly traded companies to document, test and audit their entire system of financial controls, part of the new Sarbanes-Oxley laws passed two years ago.

Some accountants who've gotten panicked calls from small valley companies fear that perhaps a couple dozen of them won't get the necessary seal of approval by the time they issue their next annual report. Depending on the severity of the problems, that could lead to regulatory sanction or losing the right to have their stock trade on an exchange.

Too much auditing, not enough auditors

Tell us what you think. (0) comments.
Send to a friend:   

Wednesday, October 06, 2004

You want me to be your CEO? No way!

The Sarbanes-Oxley law, passed in response to the Enron debacle, requires "incredible minutia of reporting" for companies, says Peter McLaughlin, president of McLaughlin Co., a Denver-based consultant that teaches CEOs to maximize performance and enhance lifestyles.

McLaughlin says CEOs could once choose to delegate a lot to the chief financial officer and others to concentrate on the big picture. But Sarbanes-Oxley holds CEOs accountable for reported numbers, under the threat of prison.

You want me to be your CEO? No way!

Tell us what you think. (0) comments.
Send to a friend:   

Sarbanes-Oxley Act: You ready yet?

Marc Masnik jokes that he sometimes feels he's got Sarbanes-Oxley tattooed all over his body because the law touches everything he does these days. But a bull's eye might be a better image.

Masnik's company, TIBCO Software of Palo Alto, Calif., is among the first wave of publicly traded companies to file an annual report to the Securities and Exchange Commission after the Sarbanes-Oxley Act (SOX) kicks in Nov. 15. The senior IT manager says he's ready to prove on paper that TIBCO's internal data controls work. He's also fully aware failing to do so could land his CEO and CFO in prison.

Time is nigh for corporations to comply with one of the most influential pieces of legislation this decade. Born out of the Enron scandal, SOX is changing the way even private and non-profit companies do business and how leaders view information security. More attention is being paid to risk analyses and investments are being made in security infrastructure. Communication also is improving between top executives and IT managers. The board room is starting to "get it."

Sarbanes-Oxley Act: You ready yet?

Tell us what you think. (0) comments.
Send to a friend:   

Tuesday, October 05, 2004

Gartner on Sarbanes-Oxley: The Role of Technology

Sarbanes-Oxley does not regulate technology; however, using technology effectively can reduce the cost, time and risk of an enterprise's compliance activities. The U.S. Public Company Accounting Reform and Investor Protection Act of 2002 (the Sarbanes-Oxley Act) is not about technology.

Sarbanes-Oxley is about improving transparency and accountability in business processes and corporate accounting to restore confidence in public markets. It regulates processes and business practices, not technology. In the modern enterprise, however, technology often defines and executes business processes or parts of business processes. The technology and business process regulated by Sarbanes-Oxley are so entwined that it's impossible to separate them.

Gartner on Sarbanes-Oxley: The Role of Technology

Tell us what you think. (0) comments.
Send to a friend:   

How To Succeed Under Pressure

In truth, the CIO role has been changing ever since it came into being two decades ago. But "The State of the CIO 2004," our third annual exclusive survey of more than 500 heads of IT, shows an uptick in the demands being made upon CIOs. For many of you, the pressure has never been greater and the keys to success never harder to find. Many of the factors behind this changing dynamic are not of your making and some are out of your control: the difficult economy, first and foremost, but also new regulatory challenges such as Sarbanes-Oxley and the maturation of the offshore outsourcing market with all its attendant opportunities and pitfalls.

But other difficulties have arisen in areas that CIOs can address proactively. Alignment between the business and IT remains fragile and sometimes elusive. It's up to you to improve it. Organizational politics affect CIOs like never before, as your success—and your fate—has become tied increasingly to that of other executives. It's time to build alliances. And the day-to-day requirements of the CIO role, which now look very much like those of any other business manager, raise the issue of how well the IT background of the typical CIO prepares him for the job. There are ways to build your business skills. Employ them.

How To Succeed Under Pressure

Tell us what you think. (0) comments.
Send to a friend:   

Avnet Offers EMC Centera

Avnet Partner Solutions, Americas, a value-added distributor of enterprise servers, storage, software and services, today announced the availability of the EMC Centera(TM) content addressed storage (CAS) solution, which extends the storage offerings of its partners. This new solution enables partners to provide customers with enterprise-class archive solutions to address the fixed-content archiving needs of mid-market organizations, particularly those impacted by compliance regulations such as Sarbanes Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA).

EMC Centera is the world's first CAS solution, designed to store and provide fast, easy access to fixed content -- business-critical information that cannot or must not change, such as e-mail archives, voice records and medical images. By utilizing Avnet Partner Solutions' IT DemoCentral service, partners can conduct live demonstrations for their end-user customers to illustrate the capabilities of the Centera solution as a valuable tool in achieving regulatory compliance.

Avnet Offers EMC Centera

Tell us what you think. (0) comments.
Send to a friend:   

Innovation In Motion

At Morgan Stanley, one aspect of technology innovation is providing a better understanding of risks. This year, Morgan Stanley created a position, called IT risk manager, that pulls together all the issues that underlie risk for a technology organization. This includes document and instant messaging retention, data security, market and credit risk, operating risk and compliance with Sarbanes Oxley and Basel II.

Innovation In Motion

Tell us what you think. (0) comments.
Send to a friend:   

Tracking Innovation in Financial Services

Regulatory compliance has become one of the most critical areas of focus for those who manage these resources. All of the banking/financial services study participants reported that their firms are taking steps to comply with Sarbanes-Oxley (compared to 83 percent of insurance respondents), closely followed by compliance with the USA PATRIOT Act, HIPAA and Gramm-Leach-Bliley (Financial Modernization Act).

The requirements - some might say drains - on IT resources imposed by the tighter regulatory environment are paralleled by the growing demands for beefed up security capabilities, and the Financial Services 40 organizations are acting accordingly. Among the most widely deployed technologies/products in insurance and financial services are intrusion-detection software (100 percent of banks, 94 percent of insurers) and content filtering/anti-spam software (94 percent of banks, 100 percent of insurers). At the same time, other widely used technologies - such as data warehousing (97 percent of banks, 84 percent of insurers), networked storage/SANs (88 percent of banks, 100 percent of insurers), business intelligence tools (88 percent of banks, 84 percent of insurers), Web services (88 percent and 81 percent of banks and insurers, respectively) and content management software (73 percent of banks and 81 percent of insurers) - are critical, not only to compliance and security efforts, but also to revenue-generating initiatives, such as enhanced distribution, product development and cross-selling.

Tracking Innovation in Financial Services

Tell us what you think. (0) comments.
Send to a friend:   

Software International, Inc. Launches New Sarbanes-Oxley Compliance Software Solution

Software International, Inc. (Other OTC:SWII.PK - News), an innovative provider of application development services and information technology (IT) consulting, today announced that its custom software solution for expediting Sarbanes-Oxley (SOX) compliance procedures is now commercially available.

This unique solution, called SiiOX(TM), streamlines the ability of public companies to define, communicate, enforce, control, expedite, measure and continuously improve enterprise business processes as they relate to the Sarbanes-Oxley Act. SiiOX, now commercially available, supports Microsoft®-based solutions and will shortly be available on the Java(TM) platform.

Software International, Inc. Launches New Sarbanes-Oxley Compliance Software Solution

Tell us what you think. (0) comments.
Send to a friend:   

Content Management

Thanks to the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act, both of which effectively regulate the storage of corporate and insurance data, the market for enterprise content management software and services has been strong. With scores of small-time vendors offering services piecemeal--digital rights management for video and audio content, Web content management, and plain-old document management--customers have enjoyed deep price breaks to implement new content management systems. That won't last.

Content Management

Tell us what you think. (0) comments.
Send to a friend:   

Finger On The Pulse Of E-Mail

Defensive requirements protect the organization and reduce risk. This includes addressing regulatory compliance, litigation, and their costs, as well as business continuity and security. Be sure to take a comprehensive look at your defensive requirements. Public companies must comply with Sarbanes-Oxley, but many other industry-specific regulations typically demand attention. For example, financial-services firms must comply with SEC Rule 17 for financial services; and health-care and insurance companies must address Health Insurance Portability and Accountability Act and other requirements for the protection of patient information.

Finger On The Pulse Of E-Mail

Tell us what you think. (0) comments.
Send to a friend:   

Monday, October 04, 2004

The Trickle Down Continues

Some accountants in Illinois are feeling the impact of Sarbanes-Oxley even though they don't have any public companies as clients, because of a recent amendment to the Illinois Public Accounting Act by Public Act 93-683.

CPAs in Illinois are now prohibited from providing the non-auditing services referenced in Sarbanes-Oxley to a private company if the CPA or CPA firm is contemporaneously providing auditing services to the client, and that client has annual revenues exceeding $50 million, or more than 500 employees. An exception is made if, prior to the commencement of the engagement, the CPA provides a prescribed written notice to the company and the president or CEO of the company signs an acknowledgement that the company is aware of this and agrees to it.

The Trickle Down Continues

Tell us what you think. (0) comments.
Send to a friend:   

Survey sheds light on spam, SOX spending

With the Nov. 15 deadline creeping up for compliance with Section 404 of the federal law, SIM asked its survey pool about their investments in SOX compliance. In the billion-plus club, 43% are not spending a dime on SOX, 29% are spending less than 1% of their budget on it and 18% are investing 1%-5%.

The sub-billion revenue companies in the survey are spending even less. Nearly 70% aren't investing anything on SOX compliance, 18% are spending less than 1% of their budgets and 11% are directing between 1% and 5% to the SOX cause.

CIO Bob Denis is spending more to comply with SOX than he is to spear spam. His company, Trimble Navigation Ltd. in Sunnyvale, Calif., is public and does less than $1 billion in annual revenue.

"SOX compliance is huge for us -- it's certainly approaching the million-dollar mark," he said. "Given our size, we're spending an enormous amount of time and money on it."

For those CIOs who may be low-balling the costs of compliance, Denis has an ominous message.

"You've got something coming," he warned. "We're hearing stories that even certain auditors are dropping clients because they're not putting enough effort into it. Get serious about it."

Survey sheds light on spam, SOX spending

Tell us what you think. (0) comments.
Send to a friend:   

Compliance efforts come with big accounting bills

Paul Shipman, the chief executive officer of Redhook Ale Brewery, would like to focus on making money for his Woodinville company. He's ramping up a new marketing and production partnership with an Oregon brewery, contending with increased freight costs and facing tight competition from other breweries.

Yet before he can devote his money and time to those concerns, there are tough new accounting standards under the Sarbanes-Oxley Act his company has to meet.

The brewery expects to swallow $500,000 in Sarbanes-Oxley related accounting expenses this year and an additional $250,000 in 2005. Shipman wouldn't mind if he thought the spending would help his business, which lost $1.8 million on sales of $38.7 million last year, but he doesn't believe it will.

"Sarbanes is a mess," said Shipman, who this year added two accountants to his nine-member accounting department to handle the new requirements. "I don't expect it to add to the accuracy or the quality of disclosure — it only adds costs."

Compliance efforts come with big accounting bills

Tell us what you think. (0) comments.
Send to a friend:   

Smaller auditors find niche

While the Big Four are pulling back from the small-company market, a passel of regional and "second tier" national accounting firms are eagerly filling the gap.

Chicago-based BDO Seidman, the nation's ninth-largest accounting firm, and its affiliates have picked up 41 audit accounts resigned by Big Four firms since the Sarbanes-Oxley Act took effect in August 2002, according to Seattle Times analysis of Audit Analytics data. No. 6-ranked Grant Thornton, also based in Chicago, has taken on 22 former Big Four audit clients.

Seattle's own Moss Adams, ranked 13th by Inside Public Accounting, picked up three former Big Four clients this summer: Insightful, Loudeye and Redhook Ale.

Smaller auditors find niche

Tell us what you think. (0) comments.
Send to a friend:   

PeopleSoft and Deloitte Launch New Service to Address Corporate Governance

UK Organisations to Leverage Industry-Leading Software and Consulting Services for Evolving Compliance Needs

Today at its Connect EMEA 2004 user conference, PeopleSoft Inc. (Nasdaq:PSFT) introduced Governance Jumpstart, a combination of software and services that will enable organisations to more effectively address evolving regulatory and compliance requirements. The new service combines Deloitte's expertise in risk management and internal controls with PeopleSoft's deep experience in applying best practices to automate financial processes for compliance. Governance Jumpstart addresses IFRS, Sarbanes-Oxley, and Basel II regulations for compliance and will initially be offered in the UK.

PeopleSoft and Deloitte Launch New Service to Address Corporate Governance

Tell us what you think. (0) comments.
Send to a friend:   

Business Objects Launches New Sarbanes-Oxley Analytic Solution to Help Businesses Manage Compliance

Business Objects (Nasdaq:BOBJ)(Euronext Paris ISIN code FR0004026250-BOB), the world's leading provider of business intelligence (BI) solutions, today announced the availability of BusinessObjects(TM) Sarbanes-Oxley Analytic Solution, which enables companies to more effectively manage regulatory compliance. The new product is part of BusinessObjects(TM) Analytics, a suite of enterprise analytic applications that allow organizations to better understand their operations, customers, products, and people.

The Sarbanes-Oxley Analytic Solution helps organizations to increase financial transparency and improve oversight of their internal controls structure. The solution allows organizations to perform root cause analysis, and quickly identify and highlight process irregularities so they can take corrective action. An advantage of the solution is that it allows financial managers to investigate the data represented in reports and trace the data source to its origins, which is a key capability for compliance. For example, if there are variances in financial statements, analysts can take immediate action using the Sarbanes-Oxley Analytic Solution to investigate and resolve discrepancies. By providing companies with complete visibility into their financial operations, Business Objects gives executives the confidence they need to certify that their financial results are accurate and up to date.

Business Objects Launches New Sarbanes-Oxley Analytic Solution to Help Businesses Manage Compliance

Tell us what you think. (0) comments.
Send to a friend:   

New Movaris Suite Streamlines Decision-Making for Sarbanes-Oxley Act Compliance and Establishes Strong Financial Control Management

Movaris(R), a leading provider of financial control management (FCM) software, today announced Movaris Certainty(TM) 8.0, a major, new modular suite of its Certainty software for Sarbanes-Oxley Act compliance and financial control management. With new functionality throughout four modules, this latest version of Certainty increases information management and delivery options for better strategic decision-making and tactical performance of compliance tasks. In addition, the multiple built-in linkages between controls, control activities and results, and related financial control information facilitate control performance, evaluations, review and testing, control self-assessments, internal auditor testing, and auditor walkthroughs.

Certainty 8.0's advanced financial control functionality not only manages all phases of Sarbanes-Oxley Section 404 and 302 compliance requirements, it also creates a platform for implementing and improving a strong financial control environment. Customers select compliance and financial control functionality in the suite based on their corporate objectives, aligning compliance technology expenditures with long-range corporate governance strategies.

"To ensure a strong internal control environment and Sarbanes-Oxley Act compliance, CFOs, finance executives, auditors, audit committee members and line-of-business managers need immediate access to critical financial control information," said John Van Decker, senior vice president and lead compliance analyst at META Group, a leading provider of IT research, advisory services and strategic consulting. "Rather than repeating the high costs of gathering and managing this information that incurred in year one, companies can implement a secure, scalable enterprise solution that automatically manages, distributes, and archives the appropriate level of detail for all compliance participants."

New Movaris Suite Streamlines Decision-Making for Sarbanes-Oxley Act Compliance and Establishes Strong Financial Control Management

Tell us what you think. (0) comments.
Send to a friend:   

Movaris Expands Professional Services to Assist with Sarbanes-Oxley Compliance

Movaris, a leading provider of financial control management (FCM) software, today announced enhanced professional services programs to meet the needs of its growing list of Sarbanes-Oxley compliance customers. Designed to reduce the time and out-of-pocket costs spent preparing for and maintaining compliance, the new professional services programs include software implementation planning, deployment services, ERP data linking, control conversion, control linking and import, and information management.

Movaris has defined and introduced these new services in response to requests from customers for additional assistance with implementing Certainty, so that they can quickly extract value from the application, and fully use its functionality.

Certainty FastTrack Essential, FastTrack Plus, and FastTrack Production packages assist new and existing customers with the implementation of technology that will reduce the time and costs of compliance. With these services, customers transition steadily and quickly from planning to installation to production, and development of an enduring financial control environment that eases compliance tasks year after year. In addition, to assist customers with completed control documentation existing in other technologies, Movaris offers custom services to import controls.

Movaris Expands Professional Services to Assist with Sarbanes-Oxley Compliance

Tell us what you think. (0) comments.
Send to a friend:   

New faces on boards: Cleaning up or glossing over?

Publicly traded companies in Washington polished their halos last year, adopting codes of ethics, ridding boards of unseemly business ties and generally trying to cast themselves as angels of corporate governance.
In its second annual survey of Washington boards, The Seattle Times also found enormous turnover on boards, as companies adopted reforms spurred by the Sarbanes-Oxley Act of 2002 and new stock-exchange rules. Those rules also set off a job bonanza for accountants.

Some describe a sea change in boardroom culture: more thinking, deeper analysis, tougher questions by directors. "There's more creative tension," said Phyllis Campbell, who serves on the boards of Safeco, Puget Energy and Alaska Air. The result: "A restoration of confidence in corporations." Others, however, see little more than cosmetic touches accompanied by mountains of paperwork. While the changes are nice — more documentation of financial controls, ethics codes, a hotline for whistle-blowers — the new rules don't necessarily make companies safer or better run. Enron, whose spectacular collapse in 2001 fueled the drive for tougher regulations, had an ethics code, too, they note.

New faces on boards: Cleaning up or glossing over?

Tell us what you think. (0) comments.
Send to a friend:   

SEC Releases Preliminary List of Priorities From SEC Forum

With massive Blue Chip Fraud, by such companies as Worldcom, now MCI (MCI), Imclone (IMCL), Citigroup (C) and Tyco International (TYC), leaving purported and comparatively miniscule "microcap fraud" in their dust, things have turned a bit more positive for advocates for small public companies and their shareholders.

That was evident at the U.S. Securities and Exchange Commission's annual Government-Business Forum on Small Business Capital Formation, held at the SEC headquarters September 20, according to the preliminary report of the results of voting on proposed securities regulation recommendations released by Gerald J. Laporte, chief, Office of Small Business Policy in the Division of Corporate Finance.

SEC Releases Preliminary List of Priorities From SEC Forum

Tell us what you think. (0) comments.
Send to a friend:   

Sunday, October 03, 2004

Sarbanes-Oxley is goring business

The corporate reform legislation that followed the Enron and WorldCom scandals is a classic case of a pendulum that has swung too far.

The law, known as Sarbanes-Oxley after the lawmakers who wrote it, quickly enacted a series of measures intended to curb abuse. They ranged from demands for more oversight and independence on boards of directors to requirements that chief executives certify the accuracy of financial statements.

Now, more than two years after the law was passed, firms are being hit hard with the minutiae of Sarbanes-Oxley regulations, which require companies to describe in excruciating detail a litany of internal controls intended to monitor transactions and prevent fraud. Those controls must then be tested by the company and approved by an outside auditor.

These regulations, known as Section 404, have hit all publicly traded companies, but those most affected by them are smaller firms with fewer resources. What's more, the guidelines for disclosures are vague, forcing many companies to go to extremes out of fear of not earning a passing grade from their auditor.

Sarbanes-Oxley is goring business

Tell us what you think. (0) comments.
Send to a friend:   

Friday, October 01, 2004

Archiving demands attention - vnunet.com

A quarter of IT departments worldwide are bent on upgrading their messaging servers for better archiving ; and another third are already completing upgrades, according to analyst firm Radicati Group.

To deal with the new laws, some enlightened companies have appointed a dedicated compliance officer to shoulder the burden, but the majority have dumped all the responsibility on the IT director.

Firms that deal in global markets also have to take account of laws in other countries. The 2002 Sarbanes-Oxley Act, for example, affects UK firms listed in the US. Under the act, companies have to implement strict document management policies. Anyone who knowingly alters or destroys a record or document with the intent to obstruct an investigation is liable to fines, or prison sentences of up to 20 years.

Archiving demands attention

Tell us what you think. (0) comments.
Send to a friend:   

Ernst & Young LLP Resigns From Audit of Vascular Solutions, Inc. Due to Ernst & Young's General 'Lack Of Resources'

Vascular Solutions, Inc. (Nasdaq: VASC) today announced that Ernst & Young LLP has resigned as independent auditor of Vascular Solutions, Inc. due solely to Ernst & Young's stated lack of available personnel to complete audit and Sarbanes-Oxley work for all of its clients. No disagreements or issues with Vascular Solutions' management controls or financial statements have been raised by Ernst & Young.

Howard Root, Chief Executive Officer of Vascular Solutions, Inc., made the following statement: "Even though Ernst & Young has been the independent auditor to Vascular Solutions since our inception in 1997, they have decided to abruptly resign without notice or transition in the middle of our work on Sarbanes-Oxley management controls and while we are preparing for our 2004 year-end audit. It is ironic that a firm which sees itself as a supporter of entrepreneurial companies would simply abandon a long-term client in the middle of this process. While we are extremely disappointed with both Ernst & Young's decision and the unprofessional manner it was implemented, we believe that Vascular Solutions will be able to retain new independent auditors and complete our 2004 audit and Sarbanes-Oxley work within the required time frame. We intend to discuss with Ernst & Young the added expenses we expect to incur as a result of their decision."

Ernst & Young LLP Resigns From Audit of Vascular Solutions, Inc. Due to Ernst & Young's General 'Lack Of Resources'

Tell us what you think. (0) comments.
Send to a friend:   

Softrax Webcast Will Feature National Experts on the Impact of Sarbanes-Oxley on High Tech Companies

Experts on Sarbanes-Oxley Compliance and Corporate Governance Will Discuss Strategies and Tactics for High Tech Firms

Softrax, a leading provider of revenue management solutions will hold a Webcast on the impact of Sarbanes-Oxley on high tech companies. The online seminar will be held on Tuesday, October 5th at 1:00 p.m. EDT. The featured presenters will be Grant Thornton's R. Trent Gazzaway, National Director of Corporate Governance Advisory Services, and Stephen Masterson the Western Region Managing Partner of Business Advisory Services.

Softrax Webcast Will Feature National Experts on the Impact of Sarbanes-Oxley on High Tech Companies

Tell us what you think. (0) comments.
Send to a friend: