Sarbanes-Oxley solutions

When the dust settled in the aftermath of the 1990s, investors were confronted with unsettling news: In a few instances, the meteoric growth they'd witnessed had been fueled by dubious accounting practices or even outright fraud. Scandals dominated the headlines, compounding worry over a shaky economy and eroding investor confidence. To help alleviate investors' concerns and provide a more effective regulatory framework for business operations, the U.S. Congress signed the Sarbanes-Oxley Act into law on July 30, 2002. While some of the law's particulars are still evolving, the message is clear: Improving your business credibility by adhering to Sarbanes-Oxley must be one of your top priorities.

IBM can assist you in addressing the requirements of Sarbanes-Oxley

Combining strategy, process and technology, our Financial Management services are designed to support you in your Sarbanes-Oxley initiatives as well as help you transform your business processes and move to a realtime, on demand environment, which may lay the groundwork for long term success.

The Sarbanes-Oxley Act was developed to address all the complexities of investor reporting — not to mention individual accountability and integrity. Its scope is formidable, and many today believe that it is even broader than initially perceived.

Section 302, which requires CEOs and CFOs to personally certify quarterly and annual financial statements and take responsibility for ensuring their accuracy, was implemented in August 2002. Most, if not all, large U.S. corporations are complying — at least technically. But many remain concerned about the quality of their financial reports, notwithstanding those certifications. In helping clients address Sarbanes-Oxley, IBM Business Consulting Services has identified key issues regarding Section 302 compliance:

• Reporting limitations. Are you falling prey to the limits of manual spreadsheets and processes?
• Information integrity. Can you trust your data? And are you struggling with inconsistencies in your reporting definitions and/or calculations?
• Corporate governance and accountability. Compliance issues affect all layers of a company; do you have the resources in place to make sure everyone is doing his or her part? Is compliance being pushed down to all business units and subsidiaries, making accuracy and integrity the explicit responsibility of all C-level executives?
• A slow close process. With Sarbanes-Oxley, time is of the essence. Is your infrastructure slowing your external reporting?

The section of Sarbanes-Oxley currently weighing most on your mind may be Section 404, which mandates that your company provide an annual report on internal controls, attested to by an external audit firm. Section 404 implementation challenges include:

• Insufficient controls management. Have you effectively implemented procedures related to the definition, documentation, testing, monitoring and enhancement of internal controls?
• Unclear division of duties. The new legislation brings a host of new responsibilities; who's doing what in your organization?
• Lagging document management strategies. Are old content and document management strategies causing you problems as you attempt to meet Sarbanes-Oxley requirements?
• Loose "off-the-ledger" audit trails. Do you have weak links in documentation, data consistency or other internal controls that could result in off-the-ledger headaches?

Section 409 is still being constructed, but savvy companies are preparing now for the huge impact it's expected to have; it will essentially mandate that companies disclose any material changes in their financial conditions or operations — in real time.

What could stand in your way once 409 is officially adopted and enforced?

• Inadequate monitoring capabilities. If you are currently struggling to monitor compliance activities and progress, will 409 cause you to stumble?
• Obscured or limited visibility. How will you be able to quickly apprise the public of important changes in your company's performance if you're not immediately aware of these changes yourself?
• Lack of predictability. Do you have a clear view of your company's end-to-end business performance?
• Tangled lines of communication. Does your company's infrastructure lack the proper vehicles for reporting material events in real time? If so, 409 compliance will be tough, if not impossible.
• Organizational culture. Does your organization suffer from a fear of reporting bad news up the chain of command? This may prevent leaders from being aware of possibly material events, as your staff waits and hopes that tomorrow, or next month, or even next quarter will deliver something better to offset the negative event.

Given the multifaceted and evolving nature of Sarbanes-Oxley, you may simply be reacting to the new rules as they come, rather than developing the kind of long-term strategy that could put you ahead of your competition.

But for the business leaders who recognize that change is both a challenge and an opportunity, Sarbanes-Oxley represents a gateway to bigger and better things. The trick is to comply and to use compliance as a lever for positioning your company for maximum business effectiveness and continued success over the long term.

First, we have the tools to help you in your efforts to comply with Section 404, and other sections of the Act, so that it becomes a fluid part of your day-to-day business. In addition, we have the experience to help your organization leverage SOX to make your business more effective and efficient, to make you more competitive, and to position you for the future.

IBM offers a full — and flexible — line-up of Sarbanes-Oxley-related services designed to assist you with your SOX initiatives. These products and services range from an electronic controls library to workflow and process management tools to application infrastructure solutions.

In fact, IBM will be working with KPMG to develop a Lotus Workplace solution specifically designed to help publicly traded companies faced with management assessment of internal controls requirements under Section 404 of Sarbanes-Oxley. The first in a series of planned offers, IBM Lotus Workplace for Business Controls and Reporting is a Web-based, collaborative application designed to help corporations automate significant aspects of their business controls framework in response to Sarbanes-Oxley legislation.

From helping you assess your company's performance gaps, to initiating both short- and long-term recommendations in support of your Sarbanes-Oxley plans, to measuring results, IBM services are designed to make your job easier.

What truly sets us apart, though, is our ability to provide end-to-end solutions. Working with IBM, your Sarbanes-Oxley compliance initiatives will seem like less of an obstacle, and more of an opportunity. Choose IBM and you'll be taking the first step toward a successful future in an on demand world.