The Integrity News
Vol. XIII No. 4
February 19, 2004
February 16, 2003
"The law, officially known as the Public
Company Accounting Reform and Investor
Protection Act, enacted in July 2002, requires
companies to make disclosures on internal
controls, ethics codes, and the makeup of
their audit committees, in annual reports."
"Public companies with a market capitalization
of $75 million or more must be in compliance
with Section 404 for their fiscal year ending
on or after June 15, 2004. Smaller companies
have until the fiscal year ending on or after
April 15, 2005, to comply."
"Public companies across the U.S. are
scurrying to deploy software packages that
will (help) put them in compliance."
"Sarbanes-Oxley compliance is a five-phase
PLANNING -- Form your compliance committee and select
software to assist in the compliance process.
SCOPING -- Determine what information needs to be
documented and is material to the company.
DOCUMENTATION -- Document business processes and have
controls in place to ensure that the information is accurate.
GAP ANALYSIS -- Identify and correct inadequate controls.
IMPLEMENTATION, EVALUATION, and MONITORING of
controls -- Document and update controls as needed, then
turn them over to your audit team which evaluates the
depth and effectiveness of your controls. Also, develop
an ongoing process for monitoring your controls.
The article contains several brief insights into
the work that some well-known companies are
expending to get into compliance. Sarbanes-
Oxley compliance is not inexpensive. Some
companies are making the mistake of not
getting their IT departments involved. The
ease of use for employees is a big part of the
overall compliance issue. It is interesting to
note that most companies have come to the
conclusion that they need a Web-based system.
Their quest for low cost and control is the same
reasoning which led to the Web-native design
of our Integrity Administrator.
As one views corporate growth, it is interesting
to note that major public companies have an
average of 48 disparate financial systems each,
they each average 2.7 enterprise resource
planning systems, and over 47% of them use
stand-alone spreadsheets for financial
reporting. How risky !
The article points out that Sarbanes-Oxley
compliance means that everyone in an
organization must be aware of what is going on,
and control their own processes. Compliance
means identifying factors critical to accuracy,
reducing variation, improving capabilities,
increasing stability, and improving the design
of systems to achieve the goal.
To discuss the leverage and the savings
produced by using Web-native online Risk
Management Administration, contact The
Integrity Center, Inc. at (972) 484-6140.
Helping you with your Risk Management is
what we do.