With the introduction of the Sarbanes-Oxley Act (SOX) in 2002, companies have had to dramatically ramp up regulatory compliance efforts. Based on the guidance they received, companies began factoring a compliance check list into almost every process. Controls were designed to cover every possible source of financial reporting fraud. As these controls became more cumbersome, companies found it an increasing strain to comply with SOX regulations—and still, they failed to prevent the fraud these requirements were supposed to address, as evidenced by recent headlines regarding financial misstatements and deceit on the part of some very high-profile corporations.

One of America’s leading power utilities produces and sells electricity to more than 5 million customers in 11 states. The 100-year-old, publicly held company owns the nation’s largest electricity transmission system and operates eight regulated regional utilities. Thus, like any public company, it must handle its financial affairs efficiently and profitably and report on them to shareholders and regulatory agencies; it also has to demonstrate that its financial practices comply with an array of regulations that govern issues related to rates for service, spending oversight and economic development.

When it comes to managing the risks associated with privileged users, organizations face a daunting challenge. The operational necessities of the real-world often confl ict with the mandates on controls required by regulatory guidelines.

All public companies are experiencing the significant cost and resource burden of sustaining compliance with Section 404 of the Sarbanes-Oxley Act – and many are voicing their complaints. Organizations have spent numerous hours remediating internal control weaknesses. And because they lack the internal resources or skill set to maintain compliance, many companies must continue to rely on external resources to support on-going compliance activities, further increasing cost..

Rather than spending millions of dollars to address low-risk control weaknesses, risk-based SoD management guides your company to ensure financial integrity and meet your auditor’s demands without accelerating compliance costs. Continuous monitoring solutions from Oversight Systems drive risk-based SoD management by automating the analysis of user access rights across all financial systems, prioritizing SoD conflicts by actual risk, and automating mitigating controls for unavoidable and low-risk conflicts.

What if a SSC could immediately identify, prioritize and quantify all errors and accounting exceptions within the financial transactions across multiple financial ERP systems? What if these objectives could be performed on a real-time basis, every two or three minutes, extracting data without degrading the ERP financial system’s performance? The fact is, due to innovative exploitation of existing technology, a monitoring tool and application now exists that accomplishes these goals.

Just as they led ERP deployments in the 1990s, IT managers can lead process-improving changes by applying the proven methods for quality improvement to their financial applications. IT managers can enable business process owners to drive out errors in their financial systems through continuous monitoring and real-time transaction inspection.

Sarbanes-Oxley demands quality in financial reporting. While the initial costs of SOX compliance have been extraordinarily high, companies can achieve a return on investment by approaching their SOX compliance with a mindset to drive quality throughout their financial operations. AMR Research estimates that companies will spend more than $6 billion in 2005 to comply with Sarbanes-Oxley. Forward-thinking executives view this as a $6 billion opportunity to improve their businesses.

Business Process Outsourcing (BPO) service providers specializing in finance and accounting (F&A) see a growing market opportunity but already face increasing price pressures. Advisory firms are commoditizing engagements and defining what service level guarantees should be. In addition, costs keep escalating in offshore locations, diminishing some benefits of labor arbitrage. These market forces are creating immediate cost pressures on providers in the first year of outsourcing relationships. At the same time, providers need to focus on additional ways to increase their margins with existing clients. Due to innovative exploitation of existing technology, Oversight Systems provides a software-based solution that enables providers to meet these objectives with real-time transaction inspection.

Companies operating as industry leaders involve much of the organization in their SOX review process and are using a combination of business process analysis, project management, and changes to technology to go beyond the minimum requirements imposed by SOX to significantly improve operating results while introducing continuous business improvements.

While external IT threats and hackers attract headlines, every CIO and CISO recognizes that activities of authorized users pose a greater risk of real financial loss. The reliance upon automated financial systems and the IT revolution that links business processes across multiple data systems only increase this risk created by white collar hackers.

This white paper outlines specific threats of systems-based fraud, misuse and errors in an effort to educate CFOs, audit executives and information security professionals about the inside risks and threats that their organizations must defend themselves against.

In applying Sloan's principles of financial controls to enterprises today, some businesses are redefining their controls processes to move away from restrictive controls and toward real-time, passive monitoring of business transactions to identify policy violations, payment errors, system misuse, and fraud. Rather than limiting what functions employees can carry out as part of their jobs, transaction incident monitoring allows enterprises to boost productivity while mitigating the business risks.