Compliance
  Governance
  Risk-Management
  Security
Roundtable
< Back

What is the single most challenging Sarbanes-Oxley issue today?



Soheil Saadat
President and CEO
Scientific Software

Weve found that although many companies have made the initial effort to comply with the Sarbanes-Oxley Act, there is still a lot of confusion and fair amount of uncertainty about exactly how to achieve compliance on an ongoing basis, each quarter and each year in the second year and beyond. Some of this confusion is due to the fact that the requirements are clear, but the processes, procedures and systems that need to be in place to support them are not well-defined. The fact is, we see many public companies struggling to build a sustainable infrastructure of internal controls, supporting technology, and best practices to get them beyond the initial readiness phase.

As such, companies need to shift from a short-term reactive approach to a longer-term proactive approach to improving Sarbanes-Oxley compliance in order to support their strategic needs. Specifically with Section 404 mandates, companies now need to meet accelerated filing timelines for disclosures, improve disclosure-related business processes, and provide more accurate and trusted information to the SEC and investors.

One key area where process improvements can be made is in focusing on the technology infrastructure needed to effectively manage electronic corporate records, and specifically financial spreadsheets and reports. In recent years, there have been some significant and devastating errors related to financial spreadsheets, several were cited in a recent report from PricewaterhouseCoopers (PWC). In one recent case, a major financial institution made a $1 Billion error in their financial statement, and the root cause of the error was traced back to a flawed spreadsheet change control process and unapproved changes to formulas. In another case, a trader at a bank was able to extort a significant amount of money and was undetected for several months. Again the root cause was traced back to the unapproved manipulation of spreadsheet models used by the banks risk control staff, and inadequate document security (The Use of Spreadsheets: Considerations for Section 404 of the Sarbanes-Oxley Act, PWC, July 2004).

A proactive approach to remediating financial spreadsheets and critical corporate records includes the implementation of a Sarbanes-Oxley compliance technology framework that incorporates software to improve the management of electronic corporate records and automate key processes (such as financial disclosures, management of standard operating procedures, corrective actions, internal and external communications, etc.). For example, a well-known greeting card maker and television broadcaster recently invested in a Microsoft Excel spreadsheet remediation solution to apply document change control, version control, access control, and special cell-by-cell audit trails to 250 key financial spreadsheets. This solution will provide the company with an effective financial risk management strategy to better track changes to key financial indicators and help minimize the risk of errors in the disclosure process. The result of this type of technology investment is a scalable, long-term solution that can be applied in the same manner to other key corporate records (such as audit work papers, tax documents, marketing materials, corporate communications, standard operating procedures) leading to improved corporate and regulatory compliance, increased audit efficiencies, and reduced risk of non-compliance.


About Us Editorial

© 2019 Simplex Knowledge Company. All Rights Reserved.   |   TERMS OF USE  |   PRIVACY POLICY