Good governance and adding value are not diametrically opposed goals. They can be complementary objectives that further the evolution of Finance as a value-added business partner if senior management recognizes the true impact of strengthening internal controls and financial management processes. For example:

• Improved processes and systems can result in more accurate and timely dissemination of information, which will enable more informed business decisions
• Good governance enhances shareholder value
• Strengthening current processes and systems will assure management of quality certifications in future years

Daunting requirements and the evolving landscape for year one certification have forced many companies to initially take a short-term approach to compliance and forego opportunities to adequately plan, improve processes, and implement enabling technologies to support compliance activities in year two and beyond. Companies have an ability to redirect their efforts.  Decisions made now, during the completion of initial compliance, will have a significant impact on the efficiency and costs of ongoing compliance. Parson Consulting recommends that organizations re-evaluate their compliance programs from the following four perspectives: Ongoing compliance, Remediation prioritization, Process improvements, and Operational structures and efficiency. This article provides a high-level overview of each of these areas. Upcoming issues of Knowledge@Work will discuss each perspective in greater detail.

Check the health of ongoing compliance

Sarbanes-Oxley accelerated filers are currently focusing on initial compliance and preparing for the filing of their first Section 404 certification. That focus will soon shift to ongoing monitoring and maintenance in order to support future quarterly and annual certifications.

Consider the following when preparing for year two and beyond:

• The "tone at the top" helps influence behavior throughout the organization. Certifying officers should continuously reinforce executive support and commitment to reliable financial reporting and continuous improvement of the internal control structure and environment.
• Organizational support is critical to successful compliance in year two and beyond. An organizational structure that adequately supports ongoing compliance should be defined and established. The role of internal audit (where applicable) should be determined. Organizations should consider utilizing internal audit to perform control testing as well as consider the integration of the annual audit test plan with Section 302 and 404 certification testing.
• Process owners are an integral part of the control environment. They are accountable for the existence of adequate controls as well as the effectiveness of the internal controls for which they are responsible. Process owners should be directly identified and their roles and responsibilities should be clearly defined. Accountability and control ownership should be constantly reinforced. An effective self-assessment process can assist in facilitating this reinforcement.
• Integrating annual/quarterly financial reporting activities with certification efforts will promote efficiency. Companies should review their current closing and financial reporting procedures against those meeting quarterly 302 and annual 404 certifications. A consolidated checklist/schedule can then be developed that will enable Finance organizations to identify bottlenecks, shift and balance activities, as well as eliminate inefficiencies.
• A formal process change recognition and update procedure should be established. Section 302 requires disclosure of any changes that materially affect internal control over financial reporting. This will help to ensure timely quarterly disclosure, an efficient annual certification process, and continued confidence in the internal control environment supporting financial reporting.

A vast amount of process and control information was obtained and documented during the initial compliance effort. An organization can utilize this knowledge to foster positive change within the organization and potentially realize a return on the compliance investment. Value can be recognized through process improvement, control remediation, and expansion beyond compliance through the development or enhancement of enterprise risk management and corporate governance programs.

Prioritize improvement opportunities to control remediation costs

As companies advance toward the completion of initial compliance, current and future remediation efforts should be designed to improve the efficiency and productivity of operating processes as well as tighten internal controls. Each internal control remediation gap should address not only how the corrective action improves the overall control environment, but also how it streamlines transaction process flow.

The timing of remediation efforts should also be considered. Companies should determine to what extent remediation could be conducted in conjunction with compliance activity. It is a best practice to plan for parallel documentation, control gap identification, gap remediation, and testing for both initial and ongoing compliance. Parallel execution can have a dramatic impact on the cost and the timeline of compliance efforts.

The first step in effectively coordinating various remediation requirements is to categorize them by type of improvement opportunity. Category examples include the following:

Control improvements

• Mitigate missing or deficient controls
• Eliminate unnecessary or redundant controls
• Minimize financial statement line items or process risks
• Eliminate policy and/or authorization deficiencies
• Establish control process metrics

Sarbanes-Oxley and financial reporting improvements

• Establish Sarbanes-Oxley reporting package
• Establish data standards across financial processes, reporting both financial and managerial
• Focus on revenue enhancement and cost reduction

Productivity improvements

• Eliminate non-value added tasks
• Automate manual activities (e.g., reconciliations)
• Establish data and/or process standards across regions
• Revise policies
• Align business activities and efforts with perceived value

Improvement opportunities should be prioritized based upon business impact and complexity. High impact improvements address material business issues that can be accomplished in a short duration with minimal business disruption. They mitigate significant business risk and typically yield results quickly. Implementation should not extend beyond 90 days. Medium impact improvements also focus on material business issues; however, they require an extended period of time and strong participation from the business. Implementation will typically take between three to six months.

Prioritizing remediation activities based upon process improvement opportunities will not only reduce the organization’s latency in reporting and disclosures, but also advance Finance’s position as a valued business partner.

Elevate the role of finance through process improvements

Documentation efforts required for Section 404 compliance have enabled many companies to take the first step in business process improvements; documentation of current processes, and identification of redundancies and inefficiencies. As control remediation continues, companies are well positioned to incorporate process improvements. The following strategic approach can help Finance continue to deliver value to stakeholders in today’s environment of increased governance.

Step 1 – Identify the enterprise strategy and communicate it throughout the Finance organization

Control remediation and process improvement should meet short-term goals and deliver long-term value. An organization’s financial objectives are typically a combination of liquidity and working capital optimization, profitability, and growth. The strategic goals of senior management should be understood by Finance and incorporated into everyday activities. Consider the risk implications of the enterprise strategy and counsel management accordingly.

Step 2 – Develop a finance strategy to support the enterprise strategy

Re-evaluate existing key metrics to address crucial Sarbanes-Oxley processes. Identify internal and external stakeholders and the information they need to make insightful decisions. Define, develop, and deploy measurements to satisfy information objectives such as Key Performance Indicators and Balanced Scorecards. Benchmark against industry leaders and key competitors to establish a performance baseline. Then set goals and define a plan to achieve them.

Step 3 – Generate a capacity to provide analytical and consultative services

Remove non-value added processes that were identified in Section 404 documentation. Develop an analytical and consulting capacity within the finance function. This competency is critical to transformation. Measure your own processes. Simplify and streamline transaction and reporting procedures through shared services, outsourcing, and accelerated close methodologies.

Step 4 – Leverage technology to deliver and distribute results

Avoid manual workarounds and reduce the cost of ongoing compliance through technology. Use technology as a key enabler to transformation. Leverage the capabilities of your ERP system(s) and integrate wherever practical. Eliminate spreadsheets as a focal point of your reporting process by implementing consolidation and reporting packages. Consider Business Intelligence and Web-based distribution (XBRL) applications to improve the timeliness and accessibility of critical information.

Good governance, as evidenced by an effective system of internal control, and adding value to the business do not have to be conflicting objectives. Many forward-thinking organizations have recognized the compatibility of the two goals and have incorporated both perspectives into their planning and compliance programs.

Examine operational structures to gain improved efficiency

An increased pressure to do things faster, better, and more cost effectively has prompted companies to pursue various strategies to improve operational effectiveness. What functions should be performed within the business units? Who should select, purchase, and operate the supporting technologies? When should business units be free to choose operating standards and when should Corporate mandate consistency? These questions are answered differently based upon a company’s operating style, industry, and market focus.

There are benefits to centralization and de-centralization. Companies should closely examine both approaches before making any operational changes:

Benefits of centralization/standardization

• Less redundancy in operations
• Leverage of management time and attention
• Economies of scale
• Easier implementation of best practice approaches
• More defined career paths for professionals in support functions
• Reduced maintenance cost and effort
• More efficient utilization of IT resources (e.g., technical infrastructure, application support and licensing, and modifications)

Benefits of de-centralization/customization

• Processes and systems can be tailored to each business unit’s unique needs
• Local systems can be more responsive to changes in business conditions
• Local operations can help foster a culture of ownership
• Local operations that are integrated through a monthly feed of summarized financial information to Corporate can be more easily incorporated or divested

Impact of Sarbanes-Oxley on operational structures

While there are benefits to de-centralization, compliance requirements driven by Sarbanes-Oxley will likely make economies of scale more important. The expense and time required to annually review process documentation and re-test will increase with each separate department engaged in auditable activity. This will be particularly true where operations are not only separate, but also vary in terms of systems, formats, and process design. 

Centralization is not an easy change. Companies are often reluctant to move away from their de-centralized structures (even if they know they are ineffective) because the social, technical, and financials costs of changing can be high. Nonetheless, more organizations are finding that the additional cost of complying with the Act still warrants the decision to centralize or even employ a shared services model.

According to a July 2004 survey by Financial Executives International, public companies expect to spend on average of 62 percent more than they had previously estimated to comply with Section 404.(1) More informal estimates indicate annual ongoing costs for monitoring and compliance could amount to as much as 50% to 70% of the initial compliance costs. Parson Consulting recommends that organizations conduct operational and budget reviews to prevent future costs from skyrocketing. Companies that have maintained critical financial functions at the divisional level should reconsider centralizing those functions in order to take advantage of greater economies of scale.

Leading companies have shifted Sarbanes-Oxley efforts from "project" to "process," moving towards a more sustainable infrastructure that will support ongoing financial management operations. Immediately addressing the four critical areas of Ongoing compliance, Remediation prioritization, Process improvements, and Operational structures and efficiency will help organizations leverage the knowledge obtained through compliance activities and capitalize on the opportunity to improve business processes, while maintaining a solid control environment. This approach will enable Finance to add value while ensuring good corporate governance.

The authors are practice directors of Parson Consulting. John Krieger specializes in business analysis; Anne Marchetti and Mike Scanlon in governance and risk management; and Gerald Walsh in service strategy.

Over the last two years, Parson Consulting has helped more than one hundred companies see the value in adopting a long-term approach when addressing Act requirements. As a financial management consulting firm that does not conduct audits, Parson focuses on areas that are off-limits to auditors. This allows the firm to approach initiatives from a business perspective, which results in greater collaboration with clients’ external auditors and eliminates independence issues.

(1)  Financial Executives International "Sarbanes-Oxley Compliance Cost Estimates Soar 62% Since January,"  August 11, 2004