Foreign companies represented on the U.S. stock exchanges are currently so immersed in the task of complying with Section 404 of SOX for the first time that they have lost sight of the long-term effects of their actions. As a result, internal controls could well cost much more than they really have to over the next few years. Experts at InfoWatch point out that those companies ought to invest in integrated and long-term solutions that provide full control over regulatory risks and minimize the costs of complying with statutory acts.
The study ‘Looking forward: evaluating early experiences with Sarbanes-Oxley’ has shown that the experiences of companies in the U.S. who have already achieved compliance with Sarbanes-Oxley (SOX) have largely been ignored. PricewaterhouseCoopers surveyed 36 SOX project leaders from large foreign private issuers and found that they are making the same kinds of mistakes that U.S. businesses made two years ago. They are focusing on compliance with Section 404 while neglecting the costs of supporting those internal controls in years to come.
There is a real danger that the excessive costs of compliance in the first year will recur in following years unless companies take measures now to examine and review the effectiveness of their controls and compliance structures within the framework of SOX.
Almost half (44%) of the respondents view their Section 404 compliance efforts as an entirely separate area of work, unconnected to other compliance activities and processes happening within the business. Although creating ‘controls consciousness’ is considered to be a medium-to-high priority for the vast majority (86%) of those surveyed, 31% state that this has not to date been gauged within the company. Only 19% of respondents say that a formal mechanism exists for knowledge transfer from their Section 404 project team to management.
Nearly two thirds of those surveyed identify an excessive number of key controls within their organization, which has a direct bearing on the amount of work required to document them efficiently. The respondents were split 50:50 on the question of whether they felt their processes for identifying and addressing control deficiencies were well established and working effectively. Both these factors have a very real impact on the cost of compliance in the future.
Representatives from PricewaterhouseCoopers believe that companies are capable of substantially simplifying the structure of their internal controls and avoiding excessive costs when creating and maintaining them. However, that requires the implementation of strategic and structured solutions. Today, the goal of companies should not be compliance as such, but rather cutting costs, improving controls and achieving tangible business benefits by optimizing the controls process. In other words, companies need reasonable controls for a reasonable price.
Other results on the effectiveness of current measures revealed that fewer than 20% of the respondents felt a formal system was in place to deal with changes in risks or controls in response to changes in the business, its structures, systems or processes. However, 83% thought that this area was a medium-to-high priority for their organization.
The study also found that there are opportunities to ‘add value’ in the future by reducing the cost of compliance and improving the efficiency of the finance function. Companies are not taking full advantage of automated systems to ease the process of compliance. The overwhelming majority of respondents (83%) say they have identified areas where automated processes and controls can be increased.
Over two thirds (67%) also say that opportunities to improve processes have been identified during their Section 404 project. However, only 6% have a process optimization plan in place and fewer than one fifth (19%) view that as a high-priority item.
“Businesses are definitely making a big mistake by setting aside huge amounts of resources for SOX and not thinking of their expenses over the next few years. It is obvious that regulatory standards can be used to benefit a company: automation of processes, safeguarding information from corruption, minimizing insider risks, etc. However, to do this cheaply and effectively a company needs an integrated platform that enables compliance. Compliance with several standard acts at once can be achieved on this basis, as well as significantly reducing the cost of compliance in the second year of regulation. This is the only way a company can effectively manage regulatory risks and gain some benefit from the demands of the regulatory bodies,” says Denis Zenkin, marketing director at InfoWatch.
Source: Business Credit Management