-
-
Marketplace
-
Channel Resources
Articles from this Site
-
One brand, one Web site! DM Review is now the home of all the content you're used to at BIReview.com and much more. If you are registered at BIReview.com, you're already registered at DM Review. If not, take just a moment to sign up for all the free services we have for you at the new DMReview.com.
BI and SOX Compliance
Sarbanes-Oxley (SOX) compliance does not come cheaply. Many firms have that have gone through a SOX audit have experienced frustration at the significant spending for its preparation with little business value/improvement derived. While the first year of SOX saw focus on what was required to demonstrate compliance to auditors, savvy firms are now turning their focus to sustaining compliance and reducing some of the incremental costs that they incurred in the first year. Out of arduous Section 404 activity, a list of work items were developed that often proved to be additional opportunities for services vendors to address in the following year. Many firms believe that technology can play an important role in compliance sustainability, however, it must be understood that technology must be interwoven into business processes to ensure that enterprise processes are compliant. A SOX compliance and governance solution requires an integrated combination of business processes and technology, but to the pleasant surprise of many, much of this technology has already been acquired by the enterprise. Most enterprise applications, including enterprise resource planning (ERP), customer relationship management (CRM), enterprise content management (ECM) and supply chain management (SCM) play an important role in ensuring that controls are in place to demonstrate and sustain compliance, including role-based approval processes and auditable transaction flows. More recently, firms are turning to their business intelligence (BI) and business performance management (BPM) investments to understand how these can best be leveraged.
Technology solutions can enable improvement in the following areas that are critical for SOX as well as other compliance and governance initiatives:
- Visibility/transparency: SOX Sections 302 and 906 require C-level sign-off on results and Section 409 requires that firms provide insight into financial and operational results. This includes providing visibility and "drill down", often across a multi-ERP environment. Inconsistency, and to a lesser extent fraud, can be reduced by enabling transparency, particularly through a Web browser or portal interface to ensure that the appropriate eyes are viewing the data. Unfortunately, many firms are extremely Excel-reliant for reporting, which adds to complexity in this area. Ideally, firms should source all of their financial and operational reporting from a consistent repository, such as a data warehouse or data mart, as well as utilize like reporting tools with the goal of providing "One Version of the Truth", a tagline for many of the BI and BPM vendors.
- Control: Many firms will reexamine the controls that have been configured into their ERP applications to ensure that role-based processes are controlled and have appropriate access and security rights.
- Communication: SOX compliance will require improved communications capability, and many firms will implement internal and external portals, content management processes, and e-mail-based workflows to enable this. Internal communication tools are necessary to facilitate the identification and resolution of changes in financial position (Section 409) as well as to coordinate the "official external response" to external parties through aggregation of data and content.
- Risk management/fraud prevention: While there are many firms investing in Governance Tools (e.g., Axentis, Movaris, OpenPages, Paisly Consulting) to document and assess controls, many firms will also consider data-auditing/business assurance analytical tools (e.g., ACL) as well as BI to gain understanding of risk areas as data is bridged from one component solution to another.
SOX requires CEOs and CFOs to certify during periodic reporting (i.e., 10-K and 10-Q) that the information disclosed is in full compliance with the Securities Exchange Act of 1934, and that the information fairly represents the company's financial condition and results of operations. Financial accuracy has always been important; however, CFOs are now reemphasizing the need to make financial accuracy a top priority and the BI vendor community is rallying to this cause. BI platforms will prove to be instrumental in provide the following visibility/transparency, control, communication and risk management capability:
1. Aggregating financial and operational information: Organizations will need an effective process to consolidate financial results and operational results from multiple solutions, including ERP. These often need to include ETL processes that translate to standard charts-of-accounts and product codes since many firms are the product of mergers and acquisitions. This aggregation must enable the appropriate detail level to ensure financial audit/validation processes and external reporting.
2. Putting results in front of those who need to know: Through financially-focused portals and Web-based reporting tools, results details can be more accessible to those managers that can ensure that results are an accurately represent operations. Firms should ensure that appropriate financial and operational personnel have visibility into accounting transactions, of course in a controlled and secure manner.
3. Flash reporting before month-end: Firms should not wait to month-end before they can view see consolidated results. Flash reporting capability (the processing of accounting interfaces at routine intervals during the accounting month and reporting) can prove invaluable to identify potential errors before the critical month-end book-close, when there may be limited time for analysis and correction.
4. Drill down on details and on-line analytical processing (OLAP): Analysis capability, including OLAP, is critical to provide visibility into transactions (or appropriate summarized details) that cause results anomalies. Drill-down in a BI environment is preferable over having to query multiple ERP solutions, often with different interfaces and reporting tools.
5. Identifying out-of-tolerance conditions and alerts: BI tools can highlight key areas for analysis on under/over predefined tolerances associated with a financial or operational metric. This should take into account forecasting, trending and modeling capability such that if a metric falls out of range of a trend, budget/plan, the appropriate flag is raised, along with the workflow process to get the investigation underway.
6. Segmenting reporting into material/significant elements: Material items should be routinely investigated to ensure consistency during the month as well as at month's end. This may include a focus on billings to top customers, billings from top suppliers, top expense/capital items, as well as results from mission-critical business transactions.
Key to any BI approach to compliance is internal education. Improving and sustaining compliance requires that users properly approach their analysis and understand and decipher financial results and variances. It is important to understand that compliance is not a one-time solution. Continuous business analysis is required to understand and probe results to ensure their accuracy and consistency. It is important to note that this is not only a good compliance approach, it is good business sense that can ultimately lead to a more effective and competitive enterprise.
John Van Decker, senior vice president and principal research fellow, Robert Frances Group, can be contacted at jvandecker@rfgonline.com.
For more information on related topics, visit the following channels:
