About 70% of finance and technology executives said their companies still aren’t using a third-party software tool to help meet the financial control requirements mandated by the Sarbanes-Oxley Act, according to a survey released Wednesday by controls management software maker Approva.
The survey of 200 chief financial officers, chief information officers and heads of internal audit, conducted from Sept. 13 to 21, comes amid continued criticism and calls from top economic officials to loosen parts of the 2002 legislation.
More than seven of 10 executives queried say their firms lack a software solution that helps them conform to Sarbanes-Oxley’s Section 404, which mandates tighter internal financial controls. Thirty-seven percent of the executives report that at least four-tenths of their I.T. controls are still done manually.
“When people started out on this, it smelled a lot like Y2K to them,” says John Hagerty, vice president of AMR Research, referring to technical compliance requirements for companies to fix the date-related errors associated with the year 2000.
Even though most companies aren’t using a compliance tool, those that are have been spending more on consulting than on actual software. That trend is changing, though, Hagerty says. In 2007, he expects companies to boost spending on technology ($1.98 billion, compared with $1.94 billion in 2006) and lower spending on professional services ($1.73 billion, down from $1.75 billion this year).
But firms that lagged on technology aren’t in huge trouble, Hagerty says. “Companies that are starting to go through this now, you would think, would learn from the ones that have already gone through it,” Hagerty remarked at the roundtable discussion where the survey was released.
Patrick Taylor, president and chief executive officer of Atlanta-based Oversight Systems, another controls management software provider, attributes the low number of compliance software deployments to the approach companies took in meeting Sarbanes-Oxley’s requirements.
After the act’s passage, consultants and auditors began presenting customers with spreadsheets listing standard controls. The customers were instructed to go through the lists and make sure they had those controls in place. “They ended up having almost a checklist,” Taylor says.
Today, he adds, auditors and their customers “are starting to think about the risk and figure out what is an effective control to manage the risk.” According to the Approva survey, one-fourth of the executives said they plan to evaluate and/or implement a tool by September 2007.
Securities and Exchange Commission chairman Christopher Cox last week told a Senate panel that Sarbanes-Oxley’s Section 404 puts a heavy burden on companies in the form of expensive and time-consuming audits.
Former Federal Reserve chairman Alan Greenspan, speaking Monday night to a meeting of the Massachusetts Technology Leadership Council, praised the requirement of corporate chiefs to sign off on financial statements, but called most of the act a “nightmare” (see
A little over a year ago, though, Greenspan, while noting his surprise at how well Sarbanes-Oxley has functioned, said the act “importantly reinforced” the principle that businesses should optimize their resources to be responsible to shareholders.
Rick Cobb, Approva’s chief operating officer, says he doesn’t expect major changes to the legislation. And if Congress opts to loosen the requirements, Cobb believes public companies would still keep their controls in place. “The fact is, a higher standard has been set,” Cobb says. “The train’s left the station on the whole thing.”
Taylor takes a slightly different view. “Whether or not the act is changed isn’t as relevant as the way that companies and auditors are approaching it,” he says. “They are evolving, and to some degree it will self rationalize.”
Click here to read Baseline‘s coverage of antifraud software vendors: Shutting the Door on Scam Artists