
Business Performance Management (BPM) as an Enabler to Sarbanes-Oxley Compliance



mThink Knowledge - Posted on 30 September 2003

Authored by: Cartesis, Inc.
Please contact Cartesis at ussales@cartesis.com or call 1.877.964.0202.

I. Overview

The Sarbanes-Oxley Act (SOX) went into effect in July 2002 in response to a wave of corporate governance scandals not seen since the 1920s. With more than four-dozen sections affecting every area of financial reporting, the impact of the Act on financial disclosure and the public accounting profession has been far-reaching and complex. Suddenly, public companies must comply with a host of requirements, from continually monitoring internal controls to miscellaneous safeguards such as having a designated financial expert on the audit committee. For the past two years, public companies have scrambled to interpret these rules, and many have attempted, with varying degrees of success, to deploy and implement compliance solutions.

To date, much of the focus has been on self-assessments, with the assistance of solution providers focusing on Section 404 (establishing a compliant internal controls environment) and other key substantive sections of SOX. Although compliance deadlines have been moved several times, the heat is still on, and public companies have no choice but to get with the program as quickly as possible. Adding to this urgency is the fact that nobody really knows how noncompliance will truly be disciplined.

Billions of dollars have already been spent on compliance efforts, and billions more will be invested going forward. Houston-based consulting firm Longnecker & Associates has reviewed a range of compliance cost studies and estimates the average total cost of compliance so far at $2.5 million per year, per company [1]. What’s more, the wave of compliance is no longer limited to U.S. companies. Scandals in Europe and Asia are prompting similar regulatory mandates, even as those regions move closer toward acceptance of International Accounting Standards (IAS). Indeed, compliance is now a global issue, and smart companies are recognizing that this is a critical time to improve processes and systems.

Ensuring ongoing SOX compliance requires a complex and efficient “performance culture” with all its subsystems working toward the same goal. People, process and technology are all part of this equation. Although there is no silver bullet or perfect solution, companies with strong controls over financial transactions and reporting will be rewarded by the investment community, and be able to steer clear of the negative media coverage and regulatory scrutiny that has had an adverse effect on the valuations of so many companies over the past two years.

II. Key Challenges for the CFO

Sections 302 and 906 of SOX have left little doubt as to the criminal penalties that await corporate officers who fail to certify that their financial statements are accurate and complete. With its clear mandates concerning corporate executives’ responsibility for the data integrity of financial reports, SOX puts much of the onus on the CFO as the key compliance gatekeeper. Although he or she may get help from the CIO, CEO and other key executives (such as the emerging role of Chief Compliance Officer), the CFO is still the central figure in driving and maintaining compliance efforts on an ongoing basis.

Once the initial hurdle of compliance is achieved, the real challenge is only beginning. CFOs should not view SOX compliance as a one-time hurdle to jump, but rather as an ongoing process that must be constantly monitored and managed. Having the right people, process and systems in place is key. CFOs need a business performance management (BPM) solution that promotes the consistency of financial data to all stakeholder groups, ensures the completeness and accuracy of that data, and continually monitors the effectiveness of internal controls around that data as they relate to SOX compliance.

It is surprising, then, how few companies have been able to even get out of the gate with their BPM initiatives. A survey conducted during a recent webcast by Business Finance magazine and Cartesis revealed that a full 70 percent of companies have either not started or are still in the initial planning stages of BPM. Thus, the SOX compliance challenge represents a unique opportunity for forward-thinking CFOs to get the jump on competitors by achieving compliance while concurrently streamlining reporting, improving control over data integrity and enhancing decision-making capabilities that ultimately improve business performance. BPM is a key part of this equation, and the right technology is paramount.

III. BPM: The Road to Compliance

Although most CFOs realize the need for greater accountability in the financial reporting practices of public companies, many have been slow to respond to the challenges with the technology required to put their companies at best advantage. With so much data to measure and manage, failure to integrate ongoing compliance into your BPM processes and systems is risky. Savvy financial executives are recognizing the impact of emerging compliance requirements on their BPM environments, specifically the need for solutions that can address a number of issues:

  • The depth and breadth of SOX can be overwhelming. CFOs can avoid drowning in control-monitoring detail by using technology tools to provide a “compliance snapshot” of their organization at any time.
  • The acceleration of reporting deadlines introduces the need for speed, consistency and accuracy that can only be met by automating manual activities and embedding financial controls throughout BPM processes.
  • The new demands on data integrity make it absolutely critical to establish one central source of financial data for both internal and external stakeholder groups to promote consistency.
  • Auditability, traceability and visibility are all hot buttons driving the need for BPM solutions that can deliver on the requirement to track financial, nonfinancial and compliance metrics from source to disclosure.

With the right tools in place, organizations can transform SOX compliance from an expensive burden into an opportunity to streamline processes, promote consistency, enhance speed and drive visibility around all BPM processes.

Ensure consistency and visibility

In order to achieve ongoing SOX compliance, CFOs must be able to guarantee that financial information is consistently and accurately tracked from source to disclosure, while providing insight into any changes and adjustments that might occur along the way. Companies that are not able to do so quickly and accurately may face challenges during the attestation and other regulatory procedures. Achieving this kind of transparency requires a BPM solution that ensures the visibility requirements driven by Sarbanes-Oxley are achieved. Before disclosing financial data, it is now imperative to be able to quickly surmise who touched the data, for what reason, and when and how the data was revised.

Monitor compliance and internal controls

Accounting firms offer compliance services and solutions to assess and promote effective internal controls, but can you monitor compliance metrics alongside other financial and operational metrics on an ongoing basis? SOX Section 404 is driving a new strategic category of financial management – “Compliance Reporting” – which means finance staff must continually self-assess their control environment with an emphasis on remaining compliant or improving weak areas of control. Compliance requires extensive, ongoing documentation of controls, whether the control model is the company’s own or in accordance with the guidelines endorsed by the Committee of Sponsoring Organizations (COSO). BPM software such as the Cartesis Suite can incorporate a custom or COSO-based framework into internal controls reporting to capture compliance data throughout the global enterprise. Finance staff can then view a “compliance snapshot” at any time to identify weak spots in the organization down to the process level within a specific entity. By continually monitoring ongoing compliance metrics, CFOs can have confidence in the effectiveness of their control systems during audit cycles using the same system that provides their financial data.

Report on material events in real time

Section 409 of Sarbanes-Oxley drives the requirement of finance organizations to provide real-time visibility into material events that impact the financial statements of an organization. Assuring ongoing compliance in this area requires a BPM system that automates exception-based reporting, flagging and escalating material changes in the financial position such as additions/dispositions of business units and material variances in key accounts. Using such tools, finance managers significantly reduce the risk that material events will not be disclosed.

Achieve financial transparency with speed

SOX compliance demands timely and transparent communication of financial information and material events to the investment community. Despite the demand for more detail and visibility, SOX is also driving acceleration in reporting deadlines. The message to CFOs is clear: Report on everything you used to, plus a whole lot more, and do it all much faster. The key to disclosure speed is to automate manual activities in all BPM processes, such as intercompany transaction matching, recurring journals and report generation, as well as integrating data links to source systems. In addition to this automation, the Cartesis Suite provides workflow features that give finance managers visibility into bottlenecks and slow points during budgeting, closing, forecasting or compliance reporting – all within a single and secure BPM system. The Cartesis Suite also offers drill-down capabilities from top-level numbers to the data source, providing a clear audit trail of any changes to data that might have occurred along the way. The headaches involved with managing off-line spreadsheets and disparate systems are a thing of the past, as data collection from disparate source systems and general ledgers is completely automated. Finance managers are able to monitor all BPM processes and data generated by those processes with absolute visibility and confidence, enabling speed with unprecedented control.

Assure data integrity

Certifying the completeness, accuracy and integrity of reporting data as mandated in SOX Sections 302 and 906 is one of the biggest challenges of ongoing compliance. Since CFOs must now personally sign off on financial reports, putting their professional reputations at risk, absolute faith in the numbers is critical. The Cartesis Suite provides unmatched audit features that employ trace reports and audit reports to give management visibility into how, when, by whom and how much data has been changed. A multilevel security system allows for multiple user groups, including external auditors, to gain “tailored” access to any area or data set while not compromising system security. Finance departments can provide all stakeholders with the information they need at the right time with total confidence.

Provide consistency among stakeholder groups

In a November 2003 report, AMR Research stated that “multiple systems and redundant business processes increase the cost of Sarbanes-Oxley compliance dramatically … failure to prioritize risks could triple compliance costs and exposure [risks].” [2] Companies struggling with SOX compliance must move as quickly as possible to a single, integrated data model to reduce the need for reconciliations stemming from multiple applications, systems and data sets within other so-called integrated solutions. What is needed is a BPM solution that satisfies all stakeholder needs, making “one version of the truth” a reality. The Cartesis Suite provides your organization room to grow as additional requirements emerge without the need for additional investment. Multiple categories of data – budget, actual, forecast, SEC, GAAP, IAS – can be pulled from a single data store, reducing the need for vast reconciliations prior to disclosure and greatly reducing the risk of restatements, omissions or errors.

IV. Achieving Compliance ROI

While the legislation is so new that the fruits of SOX compliance efforts are difficult to quantify, there is most definitely an ROI associated with the implementation of a BPM solution. The investment of time and money will come back to an organization in the form of increased visibility and improved processes. Improved budgeting and planning yield more consistent, predictable results, giving companies a better chance of hitting their revenue and earnings forecasts, which in turn reassures investors and ultimately increases the value of the enterprise. Also relating to ROI:

  • Automation of BPM processes reduces cycle times and labor-intensive tasks
  • Well-controlled processes and systems potentially reduce the need for extensive audits (both internal and external)
  • Insight into operations provided by BPM systems can often identify low-margin or loss-leading business units, reporting units, customers, products, etc.
  • Better monitoring of internal controls by BPM systems can prevent material misstatements

V. Cartesis Success Snapshot: Viasys Healthcare, Inc.

Take, for instance, the example of Viasys Healthcare, Inc., a $400 million company with 2,000 employees located in Conshohocken, Penn. When Viasys spun off from its parent organization, it inherited a legacy financial system that had limited reporting capabilities and limited drill-down, and was in no shape to meet the company's Sarbanes-Oxley compliance requirements. After replacing this system with the Cartesis Suite, Viasys’ finance staff was in a much better position:

"The new system, which we went live with in January 2003, has helped us all across the board, with everything from better decision making, more reliable data, and more time to analyze the data because the manual intervention is virtually gone. We've got better consolidation capabilities within each of our four divisions, and we're much better prepared to meet SOX requirements. Plus, now we can look at our international business activity and how well we're meeting customer demands across all four units. We can look at the impact of exchange rates, drill down on sales, drill down on product revenue, by product and by country, and gain visibility into our operating expenses."

- John Imperato, VP of Finance, Viasys Healthcare, Inc.

Viasys plans to extend the usage of its system to incorporate other processes, such as budgeting and forecasting, to attain the best-practice model of a single integrated BPM system that enables speed, control and visibility.

VI. Summary

The passage of the Sarbanes-Oxley Act has hastened the pace at which companies of all sizes are embracing BPM technology to gain the control and visibility that today’s regulatory environment demands. Companies that are able to use this technology to best advantage will be rewarded by the investment community, while those that fail to step up to the challenge will face potentially serious and costly repercussions. With a single integrated data model providing the control and flexibility to meet all reporting and analysis needs, only the Cartesis Suite delivers the speed, accuracy, transparency, accountability and most importantly the confidence that global organizations need to plan, control, report and measure business performance.

About Cartesis

Cartesis provides CFOs with a unique business performance management solution to “deliver the whole story behind the numbers” with unparalleled clarity and insight. Leading multinational companies around the globe rely on Cartesis software applications to get the full picture and offer timely and relevant information to their stakeholders. The company maintains offices in Brussels, Frankfurt, London, Madrid, Norwalk, CT, Paris, Tokyo and Utrecht. Cartesis products give global companies the analytic capacity and the flexibility they need to assess the rapid changes in their market places. One in five of the Fortune Global 100 and more than 30% of the Financial Times European 100 use Cartesis solutions to obtain unprecedented command over their financial information and processes. For more information, visit www.cartesis.com.

[1] “In the Regulatory Environment, Everything Old Is New Again” by Eric Krell, Business Finance, April 2004.
[2] “ERP Consolidation and Automated Tools Will Reduce Long-Term Sarbanes-Oxley Compliance Costs” by Bill Swanton and Dana Stiffler, November 2003.

About the Author
Cartesis, Inc.
Cartesis is a global software company providing the world’s best BPM solutions to many of today’s leading CPG companies.
