article

Sorting Out Sarbanes-Oxley

Posted: 2/2004

Sorting Out Sarbanes-Oxley
Vague Law, Varied Solutions Cause Confusion for Public Telcos
By Kelly M. Teal

June 15, 2004, is D-Day for many publicly held companies
to show compliance with the Sarbanes-Oxley Act of 2002. A plethora of software
solutions but scant instruction from the federal legislation combine to make the
months leading up to the deadline confusing for public telecom corporations
seeking to prove they wont go the way of the WorldComs and Enrons, instead
pledging their allegiance to scandalfree business operations.

On a most basic level, and of its many provisions,
Sarbanes-Oxley requires publicly traded companies to prove their officials and
employees have not engaged in financial fraud or tampering. Among other
requirements of the law, CEOs and CFOs must personally review and sign off on
all fiscal reports.

Myriad software programs on the market offer internal controls
to keep companies on the straight and narrow. Because the Sarbanes-Oxley Act
does not specify software to use, companies have a number of options from which
to choose (see Sox Toolbox below). This can be the most frustrating part
for executives, according to analysts, because there is no roadmap to
compliance, just a hand pointing in that general direction.

This is partly why analysts stress that software alone wont
meet companies compliance requirements executives also must examine their
companies processes. Theres hardly a software vendor out there that
doesnt make some argument that whatever theyre selling has something to do
with compliance, says Lane Leskala, research director for Gartner Inc. Functionality
thats closest to the mark is tools that deal with secure archiving of
information. Theres a straight line between the features and functions of a
tool that would do that and the ability to be compliant.

But, he adds, complicating matters is vendors claim such
capability but dont actually have it.

Mostly, Leskala says, its important to make sure companies
already are implementing best practices. A lot of the better, if not best,
practices that are shared are about alignment of process, Leskala says,
adding that companies should consider the solidity of their techniques and
controls before relying on technology to solve any problems.

For those eager for analysts to name software solutions, John
Van Decker, vice president of research firm META Group Inc. has several
companies in mind. Oracle, PeopleSoft [and] SAP either have solutions or will
have solutions by the first quarter of next year, he notes. Other
companies have solutions Movaris, Fuego, Documentum and IBM and also have
tools that companies can use to demonstrate that their financial controls
are effective.

Further, Van Decker encourages telecom companies to look at
solutions from ERP vendors. so, if youre an Oracle customer, I would
suggest the Oracle internal controls manager solution, he says. What you
want to be able to do is leverage the integration with the ERP solution to pull
out assessment information. A lot of your internal controls will be within your
ERP solution, so why duplicate all of that?

Meticulous planning and consultation with experts are required
to help win the battle for conformity with Sarbanes-Oxley. But, even though
companies know the task ahead of them, they do not necessarily know how to
complete it because of the absence of compliance instruction within the
Sarbanes-Oxley text. That absence, says Gartners Leskala, leaves an
extraordinary open door for litigation, meaning that companies found not to
be compliant will risk being sued.

The fundamental goal is to close gaps, and Leskala suggests
additional methods to achieve that aim, such as conducting risk assessment on
internal processes. He says one key is to develop a system with assigned
responsibilities and departments, before augmenting the underlying technology to
automate as much of the ongoing, repeatable practices as possible.

To that end, META Groups Van Decker recommends companies
consider solutions from the experts theyve commissioned to help them ensure
compliance. These experts cannot be a companys auditor. There may be some
complementary tools or some relatively small scaled-down solutions that can at
least get them started and understand what their requirements will be for 404,
he says, referring to Section 404 of the Sarbanes-Oxley bill that calls for
management assessment of internal controls.

With four months before the deadline, there is still time to
turn DDay into V-Day.

‘SOX’ TOOLBOX

Bluespring Software Inc. developed Opportunity
Feasibility Management (OFM) to nail down pricing, cost and regulatory
compliance controls. Marketing Manager Jeff Mills describes OFM in bare terms:
What we do is fill a void that exists between sales automation and CRM and
that is actually management of the deal itself.

[OFM] follows a COSO framework in that in ensures that the
people in regulatory affairs instantly get a copy of a signed contract as soon
as it is entered into the program, he says. Well, that gives them plenty
of time to file it. The big problem they have right now is that they dont get
a copy of it, and many times its because theres no standard process or
standard contract in place. The second thing the solution does is that is has a
version control on these deals that are generated. So, if it takes six proposals
to garner a customer, we keep each version.

COSO is the generally accepted concept of internal controls as
set forth by The Committee of Sponsoring Organizations of the Treadway
Commission.

Mills contends Sarbanes-Oxley compliance starts with the deal.
You can eliminate a lot of the revenue leakage that you are trying to track
down if you focus on getting it right up front, knowing how you are going to
bill for it, knowing that you can do it, he says.

Much like Bluespring, Click Commerce Inc. is
finding that many of its clients are meeting Sarbanes-Oxley requirements organically,
says Nancy Koenig, vice president of products.

You should have business strategy behind what youre
doing and then as a filter, criteria on the solutions you look at. They should
have some feature functions that help you achieve Sarbanes-Oxley, she says.

Click Commerce says its Allegis eBusiness Suite 7.0 reduces
the risk of fraud in channel partner dealings. Koenig says that because Allegis
automates interaction with channel partners, the software is most applicable in
the telecom world for its ability to profile and segment partners, target
specific promotions based on profiling criteria, manage content with partners,
and manage marketing programs and channel partner incentives.

Software provider Mantas Inc., in a company
statement, calls its Margin Management an automated real-time billing
verification, revenue validation and margin analysis application.

Among its many functions, Margin Management is intended to
discover and recover lost revenue, prevent future income leakage and verify all
costs.

If you are losing revenue and you dont know it, you now
have a means of determining how much that is and also fixing it, explains
Mandy Schuyler, head of telecom products for Mantas. [Margin Management]
establishes natural control points that are truly not easy to tamper with from a
human perspective.

Meanwhile, PeopleSoft Inc. recently announced its
Enterprise Financial Management 8.8 solution to help businesses meet Sarbanes-
Oxley requirements as cost-effectively as possible. The company says new
configuration tools will eliminate implementation steps, deploying applications
more quickly and easily.

Finance executives are walking a tightrope, balancing Wall
Street demands for improved earnings with multiple compliance deadlines under
Sarbanes-Oxley, says Renee Lorton, senior vice president and general manager
of PeopleSoft Financial Management. The new release of PeopleSoft Enterprise
Financial Management was designed to help finance departments do more with less.

Oracle Corp. sells the Internal Controls Manager,
part of its E-Business Suite. The Internal Controls Manager was designed to help
companies attain more efficient internal control testing, maintain higher
certainty in risk assessments and lower annual external audit verification
costs.

SAP created mySAP Financials to provide
operational, analytical and collaborative applications for financial management.
The company says its product helps maintain financial control and accountability
by improving financial planning and forecasting, optimizing the planning and
performance management cycle, reducing the cost of finance and so on.

Movaris Inc. provides its Certainty software,
saying it documents, assigns and monitors all controls and management
evaluations. It also is meant to manage exception reporting, materiality reviews
and control remediation processes while reducing the cost of compliance.

Fuego Inc. has its Business Process Management
Solution (BPMS) solution to automate and enforce existing control processes, as
well as to integrate those processes across a number of applications. The
company says BPMS also employs preventative controls in transaction processing
and audits the control process.

Documentum Inc. promotes its Web seminars on
content management, administered in tandem with consulting company BearingPoint
Inc. The two companies have hosted a number of sessions to advise executives on
processes, controls and technology components. Subjects include meeting specific
Sarbanes-Oxley requirements for internal controls and accelerated SEC filing
deadline; developing a secure framework and infrastructure for internal control;
and creating a collaborative environment for document preparation, review and
certification.

IBM features Lotus Workplace for Business Controls
and Reporting as part of its financial management services. The software is
intended for use by project managers, documentation team members and internal
and external auditors. IBM refers to its technology as a cost effective,
quick-to-deploy overall way to help companies manage processes, controls and
information that may be useful in their efforts to comply with the
internal-control reporting requirements of Section 404 of the Sarbanes-Oxley
Act.

Finally, VoiceLog LLC is offering an employee
hotline service. Under Section 301 of the Sarbanes-Oxley bill, public companies
must provide such a hotline so employees can confidentially report financial
issues to the audit committee of their board of directors. VoiceLog says its
SARBOX hotline saves customers up to 80 percent, compared to providers of
similar technology.

Links
Bluespring Software Inc. www.bluespringsoftware.com
Click Commerce Inc. www.clickcommerce.com
Documentum Inc. www.documentum.com
Fuego Inc. www.fuego.com
Gartner Inc. www.gartner.com
IBM www.ibm.com
Mantas Inc. www.mantas.com
META Group Inc. www.metagroup.com
Movaris Inc www.movaris.com
Oracle Corp. www.oracle.com
PeopleSoft Inc. www.peoplesoft.com
SAP AG www.sap.com
VoiceLog LLC www.voicelog.com

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 69998