Employee Morale Threatens Sarbanes-Oxley Compliance, Driving Companies to
Automate Manual Processes, Reports New Oversight Systems Survey
As the SEC reviews Section 404, financial executives report that SOX compliance
reduces the risk of fraud, decreases errors and improves financial operations
ATLANTA - April 12, 2005 - Oversight Systems Inc. today announced the results of the 2005
Oversight Systems Financial Executive Report on Sarbanes-Oxley, a survey of more than 200
financial executives. Nearly half of financial executives feel the biggest issue related to
SOX compliance is the need to maintain the morale of the employees responsible for compliance.
Reducing internal and external costs ranked as the second most frequently cited challenge to
ongoing compliance.
"Most executives aim to minimize their ongoing SOX compliance costs, but progressive companies
recognize the potential to improve their businesses in the process," Oversight Systems CEO
Patrick Taylor said. "Oversight automates the analysis and testing steps in an audit, which
reduces Sarbanes Oxley monitoring and testing expenses. Oversight's real-time analysis prevents
costly errors within procure-to-pay, order-to-cash, and financial accounting & reporting
processes."
The survey (available for free download at
www.oversightsystems.com/survey.html) also reveals that most financial executives say that after implementing SOX requirements to remediate control deficiencies, most companies have seen bottom-line business benefits. Nearly half, 49 percent, say SOX compliance resulted in reduced risk of fraud and errors; 48 percent say they now have more efficient financial operations; and 31 percent say error rates have declined. Of the group, only 14 percent said that remediating control deficiencies has had no real effect on financial operations; and a handful, 12 percent, report less efficient financial operations after complying with SOX.
"Obviously, complying with Section 404 of Sarbanes-Oxley has been extremely expensive," said Joseph V. Carcello, co-founder & director of research for the University of Tennessee's Corporate Governance Center. "However, stronger controls lead to real benefits in the form of eliminating waste, eliminating abuse and better information for improved decision making." Carcello is also an advisor to Oversight Systems.
The survey also found that the burden in terms of human and monetary capital could compromise future compliance efforts.
"From the perspective of reducing the risk of fraud, Sarbanes-Oxley is definitely achieving its goal of improved corporate accountability," said Patrick Taylor, CEO of Oversight Systems. "Our previous SOX study found that financial executives think SOX compliance was a good investment for stockholders, and this report confirms that leading companies drive tangible benefits from SOX. However, the compliance process could be derailed by the burdens placed on the people responsible for day-to-day compliance. As the SEC solicits feedback regarding Section 404, the message is clear: companies can't rely on personnel alone to maintain long-term compliance."
Reducing Compliance Costs
To reduce the burden on employees and the many costs of complying with Sarbanes-Oxley, 60 percent of financial executives say they are implementing technology solutions that automate manual processes required for compliance.
"The 404 process has been a tremendous burden on employees who have worked extremely hard to meet tight deadlines documenting internal controls. The solution is to automate the manual compliance tasks with technology, such as continuous monitoring," Carcello said.
Other approaches to cost control include:
Simply maintaining current processes, which will cause SOX costs to naturally go down (29 percent)
Decreasing their reliance on compliance consultants to lower costs (27 percent)
Pressuring external auditors into reducing their fees (19 percent)
Pressuring consultants to reduce their fees (8 percent).
However, nearly a quarter of respondents (23 percent) say they don't expect SOX compliance costs to fall during 2005. Non-audit financial executives (CFOs, vice presidents of finance and controllers) were more than twice as likely as internal audit executives (chief auditors and vice presidents of internal audit) to say they don't expect SOX compliance costs to fall this year.
Internal Controls & the Role
of Continuous Monitoring
To comply with Section 404 of Sarbanes-Oxley, most companies have structured their internal controls as outlined by the COSO (Committee of Sponsoring Organizations) internal controls framework. However, much of the laborious work could be avoided if companies placed a bigger emphasis on the framework's monitoring component.
"Companies are underutilizing the monitoring component of the internal control framework," said Mark S. Beasley, professor & director of the Enterprise Risk Management Initiative at North Carolina State University. "Some are too focused on the detailed control activities, and they are missing the opportunity to monitor transactions for control compliance." Beasley is also an advisor to Oversight Systems.
The report found other possible roadblocks that challenge ongoing SOX compliance, such as hiring internal auditors or other employees responsible for compliance (42 percent). Some respondents reported they faced problems resulting from friction with external auditors (21 percent).
Audit Committees & the 10-k
Sixty percent of financial executives report that board audit committees increased their involvement in the fiscal year-end closing process or 10-k filings, according to the Oversight Systems survey. Almost half (47 percent) report more involvement from the CEO. Less than a quarter of financial executives (23 percent) say that SOX delayed their fiscal year-end closing process or 10-k filings. However, only 27 percent said SOX had no impact on their closing or filing processes.
SOX Compliance & Enterprise
Risk Management
The Oversight survey reveals that half of financial executives say they integrate their SOX compliance as part of a broader enterprise risk management strategy. Thirty-three percent say their SOX compliance is not part of an ERM strategy, and 17 percent say they are uncertain. Surprisingly, when evaluated separately, non-audit financial executives were more than 50 percent more likely to say they don't know if their SOX-compliance effort was part of a broader enterprise risk management strategy than were internal audit executives.
"Sarbanes-Oxley is all about risk assessment and assessing control effectiveness for financial reporting," Beasley said. "After spending millions to comply with SOX, companies should look to create value by leveraging their SOX work into a broader enterprise-wide approach to risk management."
Aiming for the Corner Office
The survey asked audit-related financial executives if they were interested in being a CFO. Only 31 percent said yes. Non-audit financial executives were asked if they were interested in being a CEO, and 51 percent said yes.
About the 2005 Oversight
Systems Financial Executive Report on Sarbanes-Oxley
The report is released in advance of the April 13 Securities and Exchange Commission (SEC) public
roundtable on Sarbanes-Oxley (SOX) implementation. A total of 212 financial professionals from
across the U.S. participated in this study, which was conducted at two major industry events held
in March 2005 - CFO Rising and the Institute for Internal Auditors' General Audit Management
Conference. Titles of those surveyed included chief financial officer, chief audit executive,
controller, vice president of finance, and director of internal audit.
This study follows the December release of the 2004 Oversight Systems Financial Executive Report
on Sarbanes-Oxley, a nationwide survey of 222 financial executives. The 2004 report showed most
financial executives were torn on the cost vs. benefits of Sarbanes-Oxley compliance. The report
can be downloaded at
www.oversightsystems.com/survey.html.
EDITOR'S NOTE:
Camera-ready charts and graphs of the findings from the 2004 Oversight Systems Financial Executive Report
On Sarbanes-Oxley Compliance are available by contacting Donna Askew
by phone at 770.984.4650
or by email at
donna.askew@oversightsystems.com.
About Oversight Systems, Inc.
Oversight takes continuous monitoring to the next level by combining an audit data warehouse, advanced analytics and workflow into a single, integrated, application. By inspecting each step of individual transactions across systems, Oversight identifies errors, control violations and fraud to drive higher levels of performance and compliance. Oversight's platform automates the entire life cycle finding problems in business processes, fixing those problems and proving the problems were resolved. Oversight is the solution of choice for those CFO's, CIO's and CISO's serious about compliance and enhancing their financial performance. For more information, visit www.oversightsystems.com.
Warning: include(../_include/testimonials.php) [function.include]: failed to open stream: No such file or directory in D:\hosting\member\auditdata\oversight\release_050412.php on line 263
Warning: include(../_include/testimonials.php) [function.include]: failed to open stream: No such file or directory in D:\hosting\member\auditdata\oversight\release_050412.php on line 263
Warning: include() [function.include]: Failed opening '../_include/testimonials.php' for inclusion (include_path='.;C:\php5\pear') in D:\hosting\member\auditdata\oversight\release_050412.php on line 263
