Sarbanes Oxley and Oracle
The Oracle ERP are reaping the benefits of this new security law. Oracle version 11.5.10 and above are now SOX compliant, many North American customers are looking to upgrade or install the following versions.
What is Sarbanes-Oxley: It is one of the most significant changes to federal securities laws in history; it has been difficult and expensive to implement for publicly traded U.S. companies; and it is here to stay. Despite its drawbacks and costs, Sarbanes-Oxley has helped boost shareholder confidence, and it may even boost shareholder value by helping companies operate more efficiently going forward.
The consequences for failing to comply with certain provisions range from fines to imprisonment. consequential as SOX is, it is one section of the law that really got the attention of the executive suite. Section 404 of the act requires both the management of publicly held companies and their outside auditor firms to report on the effectiveness of the company's internal controls. Another requirement, Section 302, mandates that executives be personally responsible for financial reports, requiring their signature on the documents.
The overall increase in financial scrutiny, coupled with this new, up-close and personal tie between executive and the corporate information being disseminated by corporations--and the costs associated with it--has sparked an ongoing debate in boardrooms across the country. Earlier this year, Financial Executives International (FEI), surveyed 217 public companies and found that it took an average of 26,000 additional staff hours and about $4.3 million to fully comply with Section 404. The SEC originally estimated the tab to be $91,000 per company. Fortunately, the initially onerous financial burdens of Section 404 are now dropping. According to a recent survey conducted by the Big Four accounting firms, large public companies--over $700 million in revenue--will see their Section 404 compliance costs drop by approximately 42% in 2007; most of it related to costs incurred in the initial year for documenting internal controls.Over the course of this year, I've met with FEI member companies, auditors and committee members to discuss what lessons have been learned, and what can be done to further streamline the compliance process, further reducing costs for 2007 and beyond.The professionals repeatedly sounded two themes: details and risk. Originally, many companies and external auditors tested every process and control, even at the transactional level. But most are now moving away from such scrutiny of routine transactions, which are considered low-risk. Instead, resources are being focused on the testing of mid-level or companywide controls, putting the emphasis back into longer-term and big-picture issues by utilizing a more efficient, risk-based approach.This approach levels the playing field and adheres to capital market philosophy, by rewarding the most efficient companies and their shareholders with greater returns.
Beyond the accounting specifics of SOX 404 implementation, smart financial managers are also looking for opportunities to leverage 404 compliance work to enhance the overall business reporting process. This is especially true of large, multinational companies that can use SOX implementation as a vehicle to gain more consistency across business functions and geographies.
The first year of Sarbanes-Oxley was costly and no doubt painful for many, particularly for small- and micro-cap companies. But it is here to stay, and in typical free-market fashion, innovative, well-managed businesses have learned how not only to navigate the daunting regulations, but also to use the new rules to improve business operations.