After marching through the first phases of compliance with the Sarbanes-Oxley Act, senior finance executives are turning their attention to making their regulatory compliance both more sustainable and also a driver of better business performance, according to a May 2005 survey of readers of CFO magazine. While spending on compliance will shift toward new technology investments, companies are equally focused on using this technology to improve core finance processes and to sharpen their view of business performance.
Senior finance executives believe their current processes and systems are insufficient to deliver sustained, cost-effective compliance with regulation — and they are concerned about the future cost of regulatory compliance. More than two-thirds of finance executives responding to the study say they are troubled by the future cost of regulatory compliance. Clearly, many CFOs underestimated the expenditure in the planning phase.
CFOs will make reducing the cost of compliance a high priority over the next two years — with an emphasis on relieving their talented, costly finance and internal-audit professionals from mundane compliance chores that are better handled by automated tools and techniques. Ideally, these automated tools and techniques will be integrated into finance’s most essential processes — such as planning, budgeting, forecasting, monitoring, consolidation, and reporting — since CFOs are as keen to improve plan-to-measure processes as they are to see an ROI on their compliance spending.
By the spring of 2005, most companies required to comply had in fact completed their first round of assertions, which called for documenting and testing the effectiveness of internal controls for financial reporting. These efforts were manual and labor-intensive for most companies. Companies had to allocate internal staff and hire third-party consultants to reach the first of many pressing compliance milestones. The effort was not only costly but complicated, and it was conducted in an opaque atmosphere in which finance executives were not entirely sure what the new rules really meant.
In the future, CFOs see the need to address the cost of compliance in conjunction with the need to make it sustainable. By sustainable, we mean that processes must be:
• Repeatable, with no need for rework in each compliance period
• Adaptable to changing business conditions, such as a major acquisition or a push into foreign markets
• Able to produce ancillary business benefits, such as more-reliable data for decision support
On one end of the improvement spectrum, CFOs are evaluating discrete software that will help to improve the financial close process or even the larger financial analysis, budgeting, and forecasting process. On the other end, they are considering process simplification and standardization on tools that will help them improve document management and financial data warehousing.
Companies are making a progression of investments that indicate they’re seeking both compliance and performance improvement gains from the same investments. In supporting their first pass at Sarbanes-Oxley compliance, companies say they have started addressing the elements of their IT systems that are most essential to their year-one requirements by improving their security infrastructure, pulling together disparate information into data warehouses, and improving basic finance processes.
In the near term, respondents expressed a preference for continued process improvement — boosting the quality of information in reports and further honing the historical close and forward-looking planning processes. In the longer term — as requirements and tools mature — companies foresee adopting automated controls assessment, document management, and more-standardized ERP systems.
CFOs also realize that future iterations of SOX and other regulatory mandates cannot be efficiently addressed with expensive, brute-force measures or the recasting of a discrete process here or there. Accordingly, CFOs are looking ahead at other dimensions of SOX compliance, such as Section 409, which calls for accelerated financial reporting and disclosure, and the need to integrate compliance and performance management. To get there, they plan to standardize financial management processes, applications, and platforms. To many CFOs, this means standardizing on one ERP platform, if possible, and standardizing on a set of compliance and decision support systems that, using one platform, can drive down compliance costs and improve performance management significantly over time.