Sorting Out Sarbanes-Oxley

By Kelly Teal Comments
Posted in Articles
Print

Posted: 2/2004

Sorting Out Sarbanes-Oxley
Vague Law, Varied Solutions Cause Confusion for Public Telcos
By Kelly M. Teal

June 15, 2004, is D-Day for many publicly held companies to show compliance with the Sarbanes-Oxley Act of 2002. A plethora of software solutions but scant instruction from the federal legislation combine to make the months leading up to the deadline confusing for public telecom corporations seeking to prove they wont go the way of the WorldComs and Enrons, instead pledging their allegiance to scandalfree business operations.

On a most basic level, and of its many provisions, Sarbanes-Oxley requires publicly traded companies to prove their officials and employees have not engaged in financial fraud or tampering. Among other requirements of the law, CEOs and CFOs must personally review and sign off on all fiscal reports.

Myriad software programs on the market offer internal controls to keep companies on the straight and narrow. Because the Sarbanes-Oxley Act does not specify software to use, companies have a number of options from which to choose (see Sox Toolbox below). This can be the most frustrating part for executives, according to analysts, because there is no roadmap to compliance, just a hand pointing in that general direction.

This is partly why analysts stress that software alone wont meet companies compliance requirements  executives also must examine their companies processes. Theres hardly a software vendor out there that doesnt make some argument that whatever theyre selling has something to do with compliance, says Lane Leskala, research director for Gartner Inc. Functionality thats closest to the mark is tools that deal with secure archiving of information. Theres a straight line between the features and functions of a tool that would do that and the ability to be compliant.

But, he adds, complicating matters is vendors claim such capability but dont actually have it.

Mostly, Leskala says, its important to make sure companies already are implementing best practices. A lot of the better, if not best, practices that are shared are about alignment of process, Leskala says, adding that companies should consider the solidity of their techniques and controls before relying on technology to solve any problems.

For those eager for analysts to name software solutions, John Van Decker, vice president of research firm META Group Inc. has several companies in mind. Oracle, PeopleSoft [and] SAP either have solutions or will have solutions by the first quarter of next year, he notes. Other companies have solutions Movaris, Fuego, Documentum and IBM  and also have tools that companies can use to demonstrate  that their financial controls are effective.

Further, Van Decker encourages telecom companies to look at solutions from ERP vendors. so, if youre an Oracle customer, I would suggest the Oracle internal controls manager solution, he says. What you want to be able to do is leverage the integration with the ERP solution to pull out assessment information. A lot of your internal controls will be within your ERP solution, so why duplicate all of that?

Meticulous planning and consultation with experts are required to help win the battle for conformity with Sarbanes-Oxley. But, even though companies know the task ahead of them, they do not necessarily know how to complete it because of the absence of compliance instruction within the Sarbanes-Oxley text. That absence, says Gartners Leskala, leaves an extraordinary open door for litigation, meaning that companies found not to be compliant will risk being sued.

The fundamental goal is to close gaps, and Leskala suggests additional methods to achieve that aim, such as conducting risk assessment on internal processes. He says one key is to develop a system with assigned responsibilities and departments, before augmenting the underlying technology to automate as much of the ongoing, repeatable practices as possible.

To that end, META Groups Van Decker recommends companies consider solutions from the experts theyve commissioned to help them ensure compliance. These experts cannot be a companys auditor. There may be some complementary tools or some relatively small scaled-down solutions that can at least get them started and understand what their requirements will be for 404, he says, referring to Section 404 of the Sarbanes-Oxley bill that calls for management assessment of internal controls.

With four months before the deadline, there is still time to turn DDay into V-Day.

'SOX' TOOLBOX

 Bluespring Software Inc. developed Opportunity Feasibility Management (OFM) to nail down pricing, cost and regulatory compliance controls. Marketing Manager Jeff Mills describes OFM in bare terms: What we do is fill a void that exists between sales automation and CRM and that is actually management of the deal itself.

[OFM] follows a COSO framework in that in ensures that the people in regulatory affairs instantly get a copy of a signed contract as soon as it is entered into the program, he says. Well, that gives them plenty of time to file it. The big problem they have right now is that they dont get a copy of it, and many times its because theres no standard process or standard contract in place. The second thing the solution does is that is has a version control on these deals that are generated. So, if it takes six proposals to garner a customer, we keep each version.

COSO is the generally accepted concept of internal controls as set forth by The Committee of Sponsoring Organizations of the Treadway Commission.

Mills contends Sarbanes-Oxley compliance starts with the deal. You can eliminate a lot of the revenue leakage that you are trying to track down if you focus on getting it right up front, knowing how you are going to bill for it, knowing that you can do it, he says.

 Much like Bluespring, Click Commerce Inc. is finding that many of its clients are meeting Sarbanes-Oxley requirements organically, says Nancy Koenig, vice president of products.

You should have business strategy behind what youre doing and then as a filter, criteria on the solutions you look at. They should have some feature functions that help you achieve Sarbanes-Oxley, she says.

Click Commerce says its Allegis eBusiness Suite 7.0 reduces the risk of fraud in channel partner dealings. Koenig says that because Allegis automates interaction with channel partners, the software is most applicable in the telecom world for its ability to profile and segment partners, target specific promotions based on profiling criteria, manage content with partners, and manage marketing programs and channel partner incentives.

 Software provider Mantas Inc., in a company statement, calls its Margin Management an automated real-time billing verification, revenue validation and margin analysis application.

Among its many functions, Margin Management is intended to discover and recover lost revenue, prevent future income leakage and verify all costs.

If you are losing revenue and you dont know it, you now have a means of determining how much that is and also fixing it, explains Mandy Schuyler, head of telecom products for Mantas. [Margin Management] establishes natural control points that are truly not easy to tamper with from a human perspective.

 Meanwhile, PeopleSoft Inc. recently announced its Enterprise Financial Management 8.8 solution to help businesses meet Sarbanes- Oxley requirements as cost-effectively as possible. The company says new configuration tools will eliminate implementation steps, deploying applications more quickly and easily.

Finance executives are walking a tightrope, balancing Wall Street demands for improved earnings with multiple compliance deadlines under Sarbanes-Oxley, says Renee Lorton, senior vice president and general manager of PeopleSoft Financial Management. The new release of PeopleSoft Enterprise Financial Management was designed to help finance departments do more with less.

 Oracle Corp. sells the Internal Controls Manager, part of its E-Business Suite. The Internal Controls Manager was designed to help companies attain more efficient internal control testing, maintain higher certainty in risk assessments and lower annual external audit verification costs.

 SAP created mySAP Financials to provide operational, analytical and collaborative applications for financial management. The company says its product helps maintain financial control and accountability by improving financial planning and forecasting, optimizing the planning and performance management cycle, reducing the cost of finance and so on.

 Movaris Inc. provides its Certainty software, saying it documents, assigns and monitors all controls and management evaluations. It also is meant to manage exception reporting, materiality reviews and control remediation processes while reducing the cost of compliance.

 Fuego Inc. has its Business Process Management Solution (BPMS) solution to automate and enforce existing control processes, as well as to integrate those processes across a number of applications. The company says BPMS also employs preventative controls in transaction processing and audits the control process.

 Documentum Inc. promotes its Web seminars on content management, administered in tandem with consulting company BearingPoint Inc. The two companies have hosted a number of sessions to advise executives on processes, controls and technology components. Subjects include meeting specific Sarbanes-Oxley requirements for internal controls and accelerated SEC filing deadline; developing a secure framework and infrastructure for internal control; and creating a collaborative environment for document preparation, review and certification.

 IBM features Lotus Workplace for Business Controls and Reporting as part of its financial management services. The software is intended for use by project managers, documentation team members and internal and external auditors. IBM refers to its technology as a cost effective, quick-to-deploy overall way to help companies manage processes, controls and information that may be useful in their efforts to comply with the internal-control reporting requirements of Section 404 of the Sarbanes-Oxley Act.

 Finally, VoiceLog LLC is offering an employee hotline service. Under Section 301 of the Sarbanes-Oxley bill, public companies must provide such a hotline so employees can confidentially report financial issues to the audit committee of their board of directors. VoiceLog says its SARBOX hotline saves customers up to 80 percent, compared to providers of similar technology.
Links
Bluespring Software Inc. www.bluespringsoftware.com
Click Commerce Inc. www.clickcommerce.com
Documentum Inc. www.documentum.com
Fuego Inc. www.fuego.com
Gartner Inc. www.gartner.com
IBM www.ibm.com
Mantas Inc. www.mantas.com
META Group Inc. www.metagroup.com
Movaris Inc www.movaris.com
Oracle Corp. www.oracle.com
PeopleSoft Inc. www.peoplesoft.com
SAP AG www.sap.com
VoiceLog LLC www.voicelog.com

Comments

Similar Articles

Latest Articles

Other Resources

Channel Partners Zone

A brief look at the inaugural CPZ – are you in the zone?

Go to the Show

...learn more

Galleries

More

Most Popular Articles

Buyer's Guide

Search for

Resources

 
HOT TOPICS
Related Sites:
Channel Partners
B/OSS
vision2mobile