Critical ChangeBy Mel Duvall | Posted 2003-08-01 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Shareholders nearly deify Warren Buffett for the way he manages his diverse holding company, Berkshire Hathaway of Omaha.
But Buffett now faces a difficult pass. New regulations from the SEC, the U.S. Congress, the New York Stock Exchange and various other organizations seeking to clean up the business sludge of the past two years demand specific changes intended to make financial reporting clearer and more complete.
New rules in an act sponsored by U.S. Sens. Paul Sarbanes, D-Maryland, and Michael Oxley, R-Ohio, aim to simplify financial reporting and hold senior executives and auditors responsible for the figures they report and how they report them.
While Buffett may say technology isn't necessary to achieve fair and accurate financial reporting, many other companies are acting differently. In a recent survey by AMR Research of 60 Fortune 1000 companies, 85%, said they plan technology changes to comply with the Sarbanes-Oxley Act.
That's because the new rules require faster disclosure of significant financial events, which is difficult to do with paper or low-tech means such as spreadsheets. Also, top executives, who must vouch for the data their companies put out, now want to see underpinning documentation before signing certification statements. If later convicted of fraud, they face up to 20 years in jail and $5 million in fines for false certification.
External auditors will also have to certify they believe management has systems or processes in place to allow it to state the results are accurate with such confidence.
Former SEC Chairman Arthur Levitt says companies need ethical and sound methods for figuring their financial condition, of course. But it's software for gathering and analyzing data that puts those principles into everyday action.
"It will take financial executives working with CIOs to ... enable quick and accurate acquisition of data," Levitt said in a teleconference. "I don't see how you could do it without using information technology. That's fundamental."
AMR predicts up to $2.5 billion in spending on Sarbanes-Oxley information systems and planning this year and next. On average, it will cost $480,000 for software and technology consulting to comply with the law, according to 83 large public companies surveyed by Financial Executives International, a professional association in Durham, N.C.
A key section of the act requires that internal control structures and processes involved in financial reporting be clearly documented, followed and continually audited. That means that companies must not only report the right numbers, they must be able to show how they got those numbers. That includes accounting software as well as transactions recorded in enterprise-resource planning, supply chain, and customer-relationship-management systems. The goal is to guard against tampering or lapses that could introduce errors.
Beyond assurances from Buffett that his company is clean and self-monitoring, it is unclear how Berkshire Hathaway plans to meet those requirements.
Buffett's system is low-tech: He talks with many of the Berkshire chief executives by phone almost every day. He does not have a computer in his office; there is no chief information officer or equivalent among the 16-member staff of Berkshire. Buffett receives financial reports from many of his companies via a fax machine. He has little use for technologies such as real-time business intelligence systems, with which other companies monitor operations to catch problems before they grow Tyco-esque. To date, Berkshire shareholders have not paid for any $15,000 dog-shaped umbrella stands for any company executive's personal domain, to anyone's knowledge.
Elsewhere, finance and technology managers use Sarbanes-Oxleyand the wide-eyed attention senior executives are giving the actas a lever to modernize reporting systems.
Principal Financial Group, a $9 billion insurer in Des Moines, Iowa, sees the chance to put in long-coveted automated auditing tools and a database from Paisley Consulting in Cokato, Minn., to track internal controls. Jeff Hall, Principal's director of business-risk consulting, then wants to automate even more auditing work, such as identifying and ranking business risks to the whole company. "Now's the time," he says.
Automating fraud detection can be as simple as auditing software that sends e-mail to the finance chief or other designated officers whenever the pay-to address of a regular, outgoing check changes. It could be an alert whenever payments are made to a new type of payee, so that specific managers can see when new entities are being set up. So-called executive dashboards from Hyperion and Cognos can do that.
Matching payments to vendors sounds fundamental but can be overlooked. The Los Angeles school district uncovered $71 million in fraud, including duplicate payments and payments to fictitious vendors using an auditing package from ACL Services in Vancouver, British Columbia. Among other things, the software matched checks issued against purchase-order numbers or specific contracts and found that many checks were written directly to vendors with no such reference documents on file. It also flagged the fact that one employee made 48 budget transfers for $49,999, a dollar below the $50,000 threshold that would have required special approval.