Sometimes you need a sympathetic shoulder to cry on. As companies struggle to comply with Section 404 of Sarbanes-Oxley, which requires them to document and obtain audits of their internal controls, some finance executives are organizing peer groups to share experiences, compare notes on their auditors, and vent frustrations.
One such group, in Silicon Valley, includes finance executives from about 30 technology companies who meet in informal sessions every other month. As Ed Pitts, director of internal audit at Foundry Networks and co-founder of the group, explains, “There is no precedence for [the regulation], so there is a lot of confusion about what is required.”
One common complaint is that auditors have inconsistent and evolving standards on what is required for a clean audit. Members of the group say requirements vary not just from firm to firm, but from audit partner to audit partner. “The same firm is telling different companies different things,” explains Pitts.
Karen Gebbie, director of internal audit at Echelon Corp., a device-networking-technology firm based in San Jose, Calif., says that the meetings have helped her clarify gray areas in the regulations. “The more we know about what other companies are doing, the better conversations we can have with our auditors,” she says.
Members also discuss what their Big Four auditors are charging for the audits. “They’re all over the map,” says Pitts. An informal survey of the group found that some members received estimates of as little as 30 percent of a regular audit for the 404 component, while others were quoted as much as 100 percent more.
Financial Executives International also facilitates networking on its Website, www.fei.org. Colleen Sayther Cunningham, the organization’s CEO, says 404 compliance is a hot topic at FEI chapter meetings. On one point, all the executives agree: “The cost of this is astronomical!”