The sarbanes oxley sox implications for business and technology
1 / 25

The Sarbanes-Oxley (SOX) – Implications for Business and Technology - PowerPoint PPT Presentation

  • Uploaded on

The Sarbanes-Oxley (SOX) – Implications for Business and Technology. Dallas, Texas June 16, 2004. SOX Panelists. SOX – Implications for Business and Technology. Kapila K. Anand National Industry Director Real Estate & Hospitality Advisory Services KPMG LLP.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' The Sarbanes-Oxley (SOX) – Implications for Business and Technology' - garima

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
The sarbanes oxley sox implications for business and technology

The Sarbanes-Oxley (SOX) – Implications for Business and Technology

Dallas, Texas

June 16, 2004

Sox panelists

SOX Panelists Technology

Sox implications for business and technology
SOX – Implications for Business and Technology Technology

  • Kapila K. Anand

  • National Industry Director Real Estate & Hospitality Advisory Services


Sox implications for business and technology1
SOX – Implications for Business and Technology Technology

  • Richard Barrett-Cuetara, Esq. Cowles & Thompson, P.C. Hospitality and Lodging

Sox implications for business and technology2
SOX – Implications for Business and Technology Technology

  • Emily Calloway, Director, Corporate Accounting

  • Starwood Hotels & Resorts, Inc.

Sox implications for business and technology3
SOX – Implications for Business and Technology Technology

  • Monica Huber, Senior Manager

  • World Class Finance, Enterprise Solutions

  • BearingPoint

The spirit of the sarbanes oxley act
The Spirit of the Sarbanes-Oxley Act Technology

  • What are the driving forces behind SOX?

    • Restoring investor trust and confidence in the public markets

    • Increase the integrity of data reported to the public

    • Address perceived inequities arising from corporate and accounting scandals

What has recently changed
What has recently changed? Technology

  • The SEC issued final rules in June 2003 for Section 404 and in March 2004 for Section 409 which included the following amendments and modifications:

  • Section 404 – Management Assessment of Internal Controls

    • Changes the effective date from fiscal years ending on or after September 15, 2003 to June 15, 2004

    • Modifies definition of internal control

    • Requires companies to provide a statement identifying the framework used by management to evaluate the effectiveness of internal control over financial reporting

    • Provides that management is precluded from determining that a company’s internal control over financial reporting is effective if one or more material weaknesses in such controls is identified

    • Provides that companies are not required to perform quarterly evaluations of internal controls over financial reporting that are as extensive as the annual reviews. Requires that companies evaluate any changes in internal controls over financial reporting that could have a material impact over such controls

    • Provides that evaluation of disclosure controls is still required on a quarterly basis but the date of such evaluation is set at the end of the fiscal period rather than within 90 days of the report. Provides high level guidance on the level of this required quarterly evaluation

What has recently changed1
What has recently changed? Technology

  • Section 409 – Real Time Disclosure

    • Expanding the number of events that are reportable on Form 8-K (add eight new items to the form, transfer two items from the periodic reports and expand disclosures under two existing Form 8-K items)

    • Shortened the Form 8-K filing deadline for most items to four business days after the occurrence of an event

The next big sox topic will be section 409 real time disclosures
The next big SOX topic will be Section 409: TechnologyReal-Time Disclosures

The sox investment

The SOX Investment Technology

Where is the Money Going? TechnologyExcerpts from Wall Street Journal Article(Companies Complain About Cost Of Corporate-Governance Rules, 2/10/2004)

  • "We are seeing a significant drain," says Bill Kiernan, Magma's controller. "We would not be doing this level of documentation or going through this extensive an exercise were it not for Sarbanes-Oxley.”

  • Magma Design Automation Inc., a chip designer in Santa Clara, Calif., which has seen its legal and accounting bills soar. Last quarter, Magma blamed the new rules in shaving a penny off its earnings-per-share -- reporting nine cents instead of 10 cents. The company, which posted $75 million in revenue for fiscal 2003, saw its legal fees jump 105% in the first quarter of 2004.

  • To comply with section 404 public companies are spending large dollars:

    • A survey of 321 companies … shows that businesses with more than $5 billion in revenue expect to spend an average of $4.7 million each implementing the new 404 rule this year, according to FEI, which represents top corporate officials.

    • Even before the most expensive Sarbanes-Oxley rules take effect, companies say their audit costs are increasing by as much as 30% or more this year

    • Companies also are paying steep fees to fund a new accounting-oversight board -- as much as $2 million apiece annually for some large businesses

Two approaches have emerged in the marketplace
Two approaches have emerged Technologyin the marketplace


  • Most companies are focused on simply complying with the act in order to “check the box”. The people they are hiring to assist them in these efforts reflects this focus.

  • Most of the current (section 404) SOX work is being handled by:

    • Audit Firms - Attestation & Testing, Controls Documentation

    • Temporary Resource Companies - Controls Documentation

  • Characteristics of this approach

    • Majority (>80%) approach

    • Achieved 302 compliance

    • Focused assessment for 404 compliance

    • Targeted remediation

    • Targeted use of technology (e.g., auditor tools for self assessment)

    • Few functional disciplines involved (e.g., Finance, Legal, Audit)

Two approaches have emerged in the marketplace1
Two approaches have emerged in the marketplace Technology


  • These companies are hiring a mixture of:

    • Audit Firms – Attestation & Testing

    • Consulting Firms – Documentation Support, Systems Integration, Finance Process improvement

    • Software Vendors – Systems Installation, Support

  • Characteristics of this approach

    • Recognize opportunity to make real change in Finance

    • Targeted activities aligned with SOX timeline (302, 404, 409, etc.), multi phase approach

    • Extend remediation activity to include document management

    • Expanded use of technology as part of overall program

    • Multi discipline effort

Some companies are recognizing this as an opportunity to transform their organizations and processes into world class operations to support real time reporting and disclosure.

Sox touches the whole organization and often involves external parties

Governance Technology

  • Policies & Procedures

Financial Reporting Process

Internal Controls

Financial Systems

Internal Organizations

- Finance

- Legal

- HR

- IT

- Sales

- Marketing

- Audit

External Organizations

- Board

- Audit

- Partners

- System Integrators

- Audit Committee

SOX touches the whole organization and often involves external parties

The Sarbanes-Oxley compliance project engages the whole organization, from the Boardroom to the front-line

  • Companies expect to document an average of 79% of their processes and expect external auditors will test an average of 57% of those processes. (FEI Survey 2/2004)

  • These companies expected a mean of 12,265.4 internal people hours needed to comply with Section 404/Management Report on Internal Controls

  • In addition these companies expected 3,059.1External hours (EXCLUDING auditor’s fee for attestation) needed to comply with Section 404/Management Report on Internal Controls

  • Most firms will be required to do this in depth level of review. To miss the opportunity to positively effect the processes would be a large opportunity lost.

Discussion questions
Discussion Questions Technology

  • OK, so SOX is a fact of life for all companies today, what are issues facing companies regarding current compliance efforts and what long-term impact will the SOX have, if any?

    • How does SOX specifically affect the hotel industry specifically? Are compliance efforts more complicated in the distributed ownership environment?

    • Is IT in denial regarding SOX compliance? What role do IT controls play in the SOX compliance efforts?

    • Does SOX provide an opportunity for companies to drive forward to operational excellence on both the business & IT sides of the house? Or is it simply something that companies "have" to do, and is a tactical exercise in compliance?

    • What role does awareness training and communication play in achieving SOX compliance?

    • Does SOX provide a common framework for financial computing and reporting? Or is the act so broad that each company may implement it in its own way?

    • What are the expected penalties for non-compliance?

    • Are role and responsibilities clearly defined in the IT area?

    • How will SOX change the business of doing business?

    • How are companies planning to leverage their ERP systems to achieve SOX compliance?

    • How are they tying their compliance tool into the rest of their financial infrastructure?

    • If have invested in compliance tools to achieve short-term compliance (e.g. 302 & 404) will these tools be viable for longer-term compliance efforts?

    • Is ROI part of your SOX compliance mandate? If so, do you understand how to calculate it?


Appendix Technology

Some examples

Straight Hours Saved Technology

Quantified by: Duration of Original Task(s) – New duration of task(s)

Time Saved * Cost of FTE (~$200,000)

Reduced overtime travel and food expenses

Estimate these costs

Other Related Benefits

Reduction in Operational Risk

Reduction in possibility of human error

Time historically spent on activities related to reconciliation's / pursuing issues

Reduced costs through eliminating need for time consuming reconciliation

Other Less Tangible Savings

How time is reallocated

Increased Analytical Time

Picking up new tasks that were previously not completed due to time constraints

Employee Satisfaction

Recognition of management team listening to issues

Lead to reduced turnover

Higher level of motivation

Reduced Dependence on External Consultants and Temporary Employees

Some Examples

Sample of roi
Sample of ROI Technology

Through automation significant costs were removed from employees daily activities freeing them up to focus on more value added activities

Time Savings

Distribution of Staff Tasks

Prior to Process Improvement

Post Process Improvement

Value Add



External Staff

Sample roi
Sample ROI Technology

Through improving the staff’s quality of work life the group has realized significant reduction in turnover and the associated cost savings

  • Retention Savings

  • * Based on an assumption of improved work environment results in 10% less attrition of workers effected