Electronic record-keeping is fundamental for compliance with many of the new legal requirements facing companies, including Anti Money Laundering (AML), Sarbanes-Oxley (SOX), Basel II and the recommendations of the King II Commission. As a result, consultants and software providers are rolling out `solutions' that, in many cases, are nothing more then souped-up spreadsheets.
"Introducing an isolated solution that simply enables compliance is very shortsighted," says Bill Hoggarth, managing director of SAS Institute South Africa, leaders in business intelligence solutions. "Instead, companies should be viewing compliance as a wake-up call.
"Rather than being a burden, new legislative requirements can give companies the impetus they need to incorporate business intelligence throughout the enterprise - and become more competitive in the process."
Leading companies, knowing that they will need to spend money to change IT and application infrastructures, are choosing to use the new regulations as an opportunity to better manage their records and improve data flow by incorporating analytics, forecasting and modelling into the mix. "Although the new SOX financial disclosure requirements are not binding for many local businesses, South African listed companies would do well to use them as guidelines if they want to trade internationally.
"Granted, this creates a lot of extra work for CFOs, finance and IT departments. But it is work that can provide long-term benefits for the enterprises that take the right approach," Hoggarth says.
Passed by the US Congress in 2002 the wake of corporate fraud scandals that swept through the country, the Sarbanes-Oxley Act requires companies to file paperwork with the Securities and Exchange Commission faster, create a more transparent means of collecting and posting financial data, maintain volumes of data, and test their procedures for posting accurate, timely information. The goal is to put an end to the kind of market confidence-shattering financial meltdowns that occurred at Enron and WorldCom.
The potential consequences of posting inaccurate statements are steep: prison sentences and multimillion dollar fines for the company's chief officers. It is no surprise, then, that nine of 10 CFOs in a recent national survey by CFO magazine said that their jobs are harder than they were five years ago. More than half say they are working longer. The bean-counter label has been replaced by one that is equally derisive - corporate cop.
And as if going to jail were not enough of a deterrent, company misrepresentations - even inadvertent ones - have a punishing effect on stock prices. "For every dollar that a firm overstates its earnings or inflates an asset value, we have seen it take a hit of two dollars in market penalties," says Dr Jonathan Karpoff, the University of Washington's Norman J. Metcalf professor of finance. Consistent reporting across all parts of the enterprise has never been more important.
With some customisation, spreadsheets do offer the quickest way to comply with one section of Sarbanes-Oxley. Known by its number, Section 404, it requires companies to define their internal controls and procedures, including tests to ensure that objectives are being met.
"But spreadsheets - whether used for SOX, Basel II or AML compliance - have their limits," says Hoggarth. "Files will soon grow far too cumbersome to manage easily. Instead, organisations should look to their core - and either rebuild or add to the structure to ensure long-lasting capabilities. Complying with legislation is just fixing a symptom. Building an enterprise structure using financial intelligence focus in on the overall problem and provides long lasting success."
Hoggarth also believes it makes sense to consider the following issues in choosing a consultant or vendor:
Can your top officers quickly determine how well compliance efforts are being met? There is a lot of nitty-gritty to many of the regulations. Can the CFO call up one screen and find a score on how well access to journal entries has been double-checked as well as a compliance matrix showing individual divisions? Or will the executive be wading through volumes of spreadsheets to get the answer? A dashboard that instantly and cohesively presents information frees busy executives to get on with their work.
Can your solution provider integrate the Sarbanes-Oxley requirements with other regulatory requirements, such as those of the Financial Intelligence Centre (FIC) Act that addresses money laundering and Basel II? Basel II is an international banking agreement intended to improve the safety and soundness of the financial system by aligning capital adequacy assessment more closely with the underlying risks that affect banks. Under the accord, in order to earn the right to keep a minimum amount of operating capital, financial institutions need to store three years of data and model risks using that data. The FIC Act requires institutions to aggressively pursue money launderers, a practice made simpler by software that can flag suspicious account activities and account holders.
Can your software maintain digital signatures online? One of the seemingly mundane aspects of Sarbanes-Oxley is the requirement that companies have and follow an ethics policy. Digital signatures will not only ensure that key employees have read and agreed to abide by the policy, but will allow the whole process to be conducted easily online.
Can your solution provider offer analytics if you request it? Data mining software can hunt for outliers that might signal fraud. Take a purchasing manager who does not need authorisation for purchases under R10 000. How would your company spot payments sent to the same vendor each month for R9999? Or uncover suspicious patterns in revenue bookings? Or unearth accounts that are not suspicious but whose monthly increases and decreases are not behaving in synchronous fashion.
"The new regulations do not mandate analytic software to uncover patterns of wrongdoing. And they do not require companies to improve their budgeting process. But it would be hard to find a CFO who would not want an executive dashboard at his or her fingertips that presented realtime data or tools to detect fraud.
"So when company executives look at compliance regulations, they could choose to see a bitter serving of exhausting, time-consuming hassles," says Hoggarth. "Or they can seize the opportunity to achieve something more valuable."
For more information contact Michelle Chettoa, SAS Institute, 011 713 3400, www.sas.com/sa