Financial Daily from THE HINDU group of publications
Thursday, Sep 16, 2004
Financial Daily from THE HINDU group of publications Thursday, Sep 16, 2004 |
||
|
|
||
|
Opinion
-
Accountancy Columns - Account Speak Shock of SOX for accountants but IT simply loves it! D. Murali
But I think action is happening elsewhere, not far from the Kovalam resort, in an offshore development centre of US Technology, which in turn is an IT services organisation in the `$4.5 billion Comcraft Group'. Sitting there, Dinu Chako and Sivakumar Thekkenaduvath are looking at a different emerging global opportunity — that of SOX compliance. Their five-page `white paper' begins with the story of how the Sarbanes-Oxley (SOX) Act was born in troubled circumstances to deal with "corporate governance, financial disclosure and the practice of public accounting". It is no idle academic interest that brings these IT professionals into the dreary world of accounting. In SOX, they see technology spends, running to billions of dollars. How? "An average Fortune 100 company maintains roughly 50 million lines of code," explain the authors, Dinu and Siva. "50 per cent of the total code would be impacted by SOX-compliance requirement." And that means huge IT budget in the US companies to make their applications compliant even as SOX deadlines are fast approaching. Don't forget, `SOX is not a one-time effort like Y2K'. The graphic captures the structure of a SOX-compliant system, giving the techies' view of the new age accounting. Thus, they talk about `physical' aspect where the financial system is divided into different units "based on the corresponding business functions", such as asset management, purchase, sales, payroll and so on. "The central repository consolidates information from different sources like financial applications of the company, internal control and operational data. The user can, therefore, easily access all the information needed to generate different reports for the company. The central information store provides managers all the information necessary for SOX-compliance and fast and accurate decision-making."
On internal control, the duo speaks of checks on the workflow — "right from the creation of data to the publishing of the certified reports". Every company needs to do a self-assessment of its internal controls around its financial reporting process and identify the `gaps', they add. SOX dangles a sword on the necks of the CEO and CFO because these officers are personally responsible for reliability of disclosures. So, the model from US Technology affords the CEO and CFO access to central repository — "to compare the reports with actual data". For achieving data integrity, companies would need to pay attention to both risk and configuration management. "Once the CEO finds the report ready to be published, he could digitally sign the report. This will boost the confidence of the public on the financial disclosures of the public company." The paper identifies at least seven different SOX-compliance related activities and plugs them in `return vis-à-vis risk/complexity' quadrants. What are seen as `high return high risk' are gap analysis, SOX consultancy and SOX audit. The `low' ones are documentation of existing controls and processes, and analysing existing controls. `High return, low risk' activities are programming for enhancements, and identification of SOX compliant tools. In between the fun that the CA delegates would have at the beach resort conference, I'd be happy if they found time to thumb through the latest auditing standard from the PCAOB, on "Audit of internal control over financial reporting performed in conjunction with an audit of financial statements." Recently approved by the SEC, it runs to more than 150 pages.
Surf the Net for SOX compliance work and you'd find in www.oracle.com a discussion of `Internal Controls Manager', a comprehensive tool that enables executives, controllers, internal audit departments and external auditors to document and test internal controls and monitor ongoing compliance. "Oracle Internal Control Manager helps you comply with The Sarbanes-Oxley Act of 2002, which requires executives and auditors to attest to the effectiveness of their internal controls," says the site. With ICM you can, "Attain more efficient internal control testing, maintain higher certainty in your risk assessment and," hold your breath, "lower external audit verification costs on an annual basis." On www.isaca.org, the site of Information Systems Audit and Control Association, there is ample guidance on SOX issues. Accounting biggies have not lagged behind in SOX guidance. Among software companies also there is a great race, as you'd see, for instance in www.movaris.com where it talks of a product called `Certainty' to dramatically reduce the time and out-of-pocket costs of SOX compliance: "Certainty allows you to document and review financial controls, schedule testing and evaluation of those controls, and prepare Section 404 and 302 compliance reports on demand." Then, there is `SOX Express' from www.openpages.com — "the market-leading enterprise software application for automating the corporate financial reporting and disclosure compliance requirements of Sections 404 and 302 of the Sarbanes-Oxley Act." It integrates Internal Controls Workbench (ICW) compliance software acquired a few months ago from PricewaterhouseCoopers. The Microsoft Office Solution Accelerator for Sarbanes-Oxley speaks about offering "more visibility over financial processes and controls". Benefits that it promises are: "Provide real-time visibility into processes, risks, and controls from a single point of access; manage and use information to effectively make decisions, not just collect data; reduce costs by facilitating and accelerating the compliance process; and establish a flexible foundation for longer-term compliance initiatives." About a month ago, SAP India showcased its `newest innovations' to help companies `align their business processes and IT systems more easily and effectively for corporate governance compliance with' SOX. Achieved through "working closely with leading consulting and accounting firms", as the company communiqué stated. Ved Prakash, Practice Head - Customer Care and Billing, Wipro Technologies, explores the impact of the SOX on customer care in a `perspective' posted on www.wipro.com. On Section 409 of SOX that requires companies to provide `real time' disclosure of material events that might affect performance, he notes: "There is also no formal definition of what constitutes `real time', but it is widely expected to be within 48 hours of the occurrence of the event." Examples of such events are: Bulk movement of customers to/from another supplier; variance in budget payment plan exceeding a threshold limit; windfall receipts from a third party collection agency; unexpected surge in accumulated deposits; and so on. It would be wishful to expect Indian accounting requirements to elicit such excitement in the IT industry as SOX has achieved. In the meantime, let me catch up with some excitement in the conference lounge where a CA asked another, "What about SOX?" The other asked: "In this humid weather!"
More Stories on : Accountancy | Account Speak | Software
Article E-Mail :: Comment :: Syndication :: Printer Friendly Page
|
Stories in this Section |
|
The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription Group Sites: The Hindu | Business Line | Sportstar | Frontline | The Hindu eBooks | The Hindu Images | Home |
Copyright © 2004, The
Hindu Business Line. Republication or redissemination of the contents of
this screen are expressly prohibited without the written consent of
The Hindu Business Line
|