The Silver Lining In SOXThe Silver Lining In SOX

Most large public companies are in the throes of their first annual audits under the financial reporting provisions of the Sarbanes-Oxley Act (SOX). Processes have been documented, risks defined and controls put in place, yet few companies have made the fundamental changes to financial systems and processes that will enable them to comply with the law efficiently.

Consider the impact on competitiveness and profitability if you could close financial reports more quickly, provide accurate and consistent information to the field sooner, and expand the scope of financial data to include more operational figures and predictive performance indicators.

Long-term solutions for SOX compliance all but demand financial systems redesign. Rather than take a piecemeal approach focused on compliance alone, look for process and system changes that will have a broader impact. By eliminating manual steps and automating wherever possible, you can improve finance department efficiency and corporate decision-making while also building in compliance controls and avoiding costly auditing steps. You may even discover the capabilities needed to support process improvement already exist — unused or underutilized-in your enterprise resource planning (ERP), business intelligence (BI) and reporting systems.

SOX Drives Fundamental Changes

SOX is sweeping legislation that addresses financial control, financial transparency and auditor independence. (See "Sarbanes-Oxley: The Darkest Clouds" for a summary of provisions that affect U.S. public companies.) Some of the detailed SOX rules affect companies directly, while other rules have an indirect effect, such as requiring greater audit scruitiny (and therefore higher fees) from public accounting firms.

Among the SOX rules that apply directly to U.S. public companies, perhaps the most onerous is Section 404. In place of informal systems that relied on the integrity of financial executives, common sense and after-the-fact postreporting audits, Section 404 has introduced formal systems aimed at building in control. The objective of this total quality management approach is to prevent fraud from occurring in the first place.

Given the fundamental change in approach demanded by Section 404, designing and documenting controls for financial processes as they existed before SOX amounts to paving over cow paths. Faced with tight compliance deadlines, some companies have taken this approach, but leaving financial processes as they are will ultimately drive costs higher. Finance organizations that are subject to SOX are expending as much as 10 percent of their labor on compliance, according to research by Ventana. Within a large public company, this figure represents millions of dollars in costs that could be eliminated through a structured approach.

Address Efficiency

Among more than 100 finance and IT executives who participated in a recent Ventana study, most agreed that fundamental process and financial system design changes are needed. More than 80 percent said it's either "important" or "very important" to automate manual accounting processes such as rekeying data, entering accruals and making adjustments. Executives also ranked "harmonizing the company's charts of accounts" and "reducing spreadsheet use" as important goals.

Harmonizing charts of accounts (in other words, how the books are organized) across a company can save big money because it simplifies managerial and financial processes (including consolidation) and external audit processes. Companies typically feed core financial processes with hundreds of spreadsheets located on individual desktops or, perhaps worse, on shared servers. These tools are uncontrollable, offering no reliable audit trail that ensures data integrity. Consequently, spreadsheets are difficult (and therefore expensive) to audit. Studies have also shown that they're rife with flawed formulas and, as a result, bad data.

Spreadsheets also pose compliance problems because they can serve as the point of entry for fraudulent schemes. A set of inflated figures from a rogue executive or business unit might not set off red flags in a spreadsheet, but an automated approach could eliminate manual data entry and add systematic controls. Introducing spreadsheet controls such as separation of duties can actually require additional testing and auditing — and even more inefficient human activity and expense.

Redesigning financial systems can eliminate many of the inefficiencies and compliance headaches presented by charts of accounts and spreadsheets while also addressing another common problem: process inconsistency. In some companies, dozens of variations exist in how accounts payable alone is executed. These variations drive up compliance costs by demanding multiple control methods and more difficult, expensive audit processes.

Promote Effectiveness

Efforts to comply with SOX can also improve financial system efficiencies and financial processes. The first step toward more effective financial management is shifting activities and resources away from manual accounting and transaction processes and toward automated approaches. There's a direct connection between the changes needed to comply with Section 404 and the streamlining necessary for better efficiency and profitability.

You don't have to transform all financial processes overnight, but senior finance and IT executives should set specific one- and two-year process improvement objectives and a road map for implementation. Eliminate spreadsheets wherever possible. You'll save time and labor while also reducing the need for compliance-oriented financial controls, testing and documentation.

The next step is to improve data quality and consistency. Again, minimizing manual processes (for reconciliations, rekeying data and the like) and eliminating spreadsheets (for consolidating data and generating periodic and enterprisewide reports) goes a long way toward reducing data errors and their consequences — such as having to restate results.

Data consistency is a problem even in well-managed financial environments because people often use numbers derived for one purpose in another context, which can produce "dueling spreadsheets." When your employees are busy arguing about who has the "right" number, what happens to pressing business issues? Address the consistency problem by centralizing reporting and eliminating standalone spreadsheets as analytic tools.

You probably have the BI tools to improve data quality and consistency, but are you exploiting them to their fullest? Standardize tools and rationalize reporting to eliminate waste.

To reach the next level of effectiveness, shorten the time required for such processes as the periodic financial close, procure-to-pay and the order-to-cash cycle. The shorter reporting intervals mandated by SOX (see "Compliance Timeline") offer reason enough to make changes to speed the close and shorten the time required to produce statements. Yet these improvements also will make it possible to shorten management reporting cycles. The extra time and effort spent developing integrated systems will pay dividends by shortening end-to-end process execution, improving cash flow and increasing customer satisfaction.

Finance organizations are the primary source of data for assessing company performance. Although corporations are typically rich in accounting data, they often lack critical operational data needed to get a more complete, current view of how well they're doing. Performance indicators almost always lag because they rely too heavily on accounting information.

To manage more effectively, you must deliver timely operational data to business users. Leading indicators include internal metrics (such as customer satisfaction and production quality trends) and external metrics (such as downstream demand indicators). By developing reports focused on leading indicators, you can call attention to factors affecting future performance. Again, finance departments will need help understanding what information is already available and help accessing the information (using existing systems when possible).

Companies Have Benefited More Than They Realize

The average cost of operating the finance organization, measured as a percentage of sales, declined from 1.9 percent to 1.1 percent between 1992 and 2003, according to the Hackett Group (This decline equates to some $60 billion saved annually by the Fortune 500 alone.) For many companies, the size of finance staffs held steady as revenues grew. During this period, companies spent heavily on ERP systems that enabled organizations to expand and streamline the collection of transaction data. They built data warehouses and deployed BI software and analytic applications that let them replace unwieldy manual systems.

You could reasonably conclude that the remarkable increases in productivity over the last decade were largely attributable to IT investments. If you ask senior finance executives what benefits they've received from their heavy IT investments, however, they would probably reply: "Not much."

The gap between perception and fact isn't surprising. The benefits of IT investments were realized by finance organizations over an extended period of time and mainly through cost avoidance rather than observable cuts. Meanwhile, ERP deployments were often expensive and disruptive, and the benefits were oversold. Many surveys published in the late 1990s found widespread dissatisfaction with ERP systems.

Unfortunately, many finance organizations have failed to achieve anything close to the full potential of their IT systems. Companies are reluctant to change their accounting systems unless not making a change threatens the orderly conduct of the business.

Fortunately, the need to adapt to the more formal control environment of SOX gives companies an opportunity to make their IT systems more useful. Not only can they address the efficiency issues created by Section 404, but they can also enhance the effectiveness of the finance organization and the entire company.

ROBERT D. KUGEL is a Chartered Financial Analyst and vice president/research director at Ventana Research. Write him at [email protected].