|
by Alan Alper, MA Editorial Staff Posted on Sunday, February 20, 2005 11:25:00 AM   | Abstract: | With initial projects already completed at many manufacturing companies, or reaching a crescendo at others, here's some useful advice from consultants and corporate managers who have been through the Sarbanes-Oxley compliance wars. |
As of November 15, 2004, publicly-held companies with revenues in excess of $75 million are required by the Sarbanes-Oxley (SOX) Act to issue an annual report (signed by management and certified by external auditors) detailing the effectiveness of internal control structures and specifying the responsibility of management for monitoring and maintaining adequate financial management policies. Smaller companies have until July 15 of this year to comply with this portion of the act, known as Section 404. Under Section 409 of the act, all publicly-held companies must also have a plan to accurately and immediately disclose the material impact certain events have on the business. With initial projects already completed at many manufacturing companies, or reaching a crescendo at others, we thought it an opportune time to provide SOX-compliance advice from leading consultants and corporate managers. (Click here to see a list of SOX-related resources.) 1) SOX is more than financial disclosure. To fully comply, companies must audit all relevant process from the plant floor through the back office. "If there's a significant event at an operation -- some kind of disaster that's going to have a prolonged, significant impact on the company -- it's something that the company needs to be able to show it can monitor and control under Sarbanes-Oxley," says Jorge Milo, industrial manufacturing leader for PricewaterhouseCoopers told Managing Automation last year. 2) Know your company culture -- and appetite for risk. According BearingPoint, companies are either "avoiders" or innovators in their approach to SOX compliance. Avoiders (the majority) seek to minimize exposure by only addressing specific SOX mandates such as Section 404. They do this through targeted remediation and focus on critical control deficiencies. Innovators, on the other hand, are looking to extend remediation efforts to enable continual process improvement and long-term compliance. They seek to use SOX to drive incremental value for the finance department; in other words, "to rethink processes and metrics to turn the finance function on its head," says BearingPoint's Anita Tilley, managing director and global Sarbanes-Oxley solution lead. "The interesting part of the story going forward, whether you're an innovator or avoider, is that everyone has to figure out how to make the SOX eco-system sustainable over time," she notes. "Brute force used in 2004 is not sustainable; that's why a partnership between IT and finance is invaluable." 3) Closely monitor regulatory activity. For instance, European companies with manufacturing or other physical presences in the U.S. have appealed to the Securities & Exchange Commission for relief. They want to forgo Section 404 compliance until calendar 2006. Also, some companies have asked for better definition around the "small company" classification. Expect the creation of a special task force and ruling in the next four to six months on this, says Glen Conway, a vice president at Visage Solutions LLC (Raleigh, NC), an operations and risk management consulting company. Don't expect any major changes, however, BearingPoint's Tilley advises. "Keep moving forward as if there aren't going to be any changes." 4) Build on initial success -- and think broadly. To meet stringent deadlines, many manufacturing companies quickly documented processes from design and engineering through purchasing, production and inventory and distribution management using off-the-shelf tools like Excel and Visio. These tools provided reasonable visibility into business processes and helped to jump-start the documentation exercise, which made initial audits possible. But, in many cases, these were stop-gap efforts. Page : 12 3 ... NEXT |