Think outside the SarbOx

Companies will have to come to terms with transparency to comply with the Sarbanes-Oxley bill

After two years of writing Wireless World, in which I tried to balance the need to inform readers about worthwhile technologies with the need to debunk the worthless, I'm broadening my perspective beyond wireless while keeping the same philosophical approach. This, then, is the first installment of my new column named -- I hope appropriately -- Reality Check.

It's a new world. I doubt if there is a CFO or chief technologist at a public company that doesn't know about the Sarbanes-Oxley bill -- or SarbOx, as many are calling it -- and the SEC regulations that came out of it.

Section 404 -- the fact that we are talking about the 404th section of the regulations should give you an idea of its scope -- states that companies not only have to prove the verity of their financials but at the end of the year they must certify their internal control infrastructure.

There appears to be two ways to go to monitor that infrastructure for compliance. One is to add a content management component to your processes, such as IBM's DB2 Records Manager or Resources Audit Solutions' Policy IQ.

According to Stephanie Woodruff, global managing director at Resources Audit Solutions, in Costa Mesa, Calif., the current ERP packages don't have a self-assessment component or the monitoring features required to comply with section 404.

"Speaking from an ERP level, the big packages were never really written to address Sarbanes-Oxley," Woodruff said.

However, ERP companies such as Peoplesoft in fact are creating new modules to make their major applications SarbOx-compliant.

The point is that in order to comply and swear under oath, so to speak, CEOs and CFOs will have to do more than get their arms around polices and procedures; they'll need to have a more intimate knowledge of business processes as well.

Yes, IT departments will have to revamp in order to comply with Sarbanes-Oxley, but the really challenging phenomenon is the notion of transparency.

I spoke with Susan Foley Kane, vice president of product marketing at the financial management division of PeopleSoft, in Pleasanton, Calif.

To help its customers become SarbOx compliant, PeopleSoft began shipping this quarter a module called Investor Portal that provides a vehicle for publishing and delivering communications about a company's financial health to key stakeholders over a portal. Kane points out that as part of that public portal, companies must not only publish the numbers, but they must report "in real time" any material changes that happen in the business. "Something as simple as a large marketing expenditure," Kane said.

Now that it is interesting.

In the past, companies have designed their processes around the theory of opaqueness, as James Champy says in his book X-Engineering the Corporation.

But with regulatory agencies such as the SEC pulling on one side and the big gorillas such as Wal-Mart and Dell on the other pushing their suppliers to open up their processes so as to lower their own costs by having a better understanding of what the real landed costs of goods are, companies are being asked to reveal the full monty.

The good news is that both Kane and Champy see openness as a competitive advantage. They see it increasing investor confidence and allowing senior managers to base decisions on all available information and to work more realistically with their supply chain.

But at the end of the day, transparency will only become a successful business practice by a realignment of the priorities between finance and IT, not by the whip hand of the SEC or the push by those big gorillas.

Oh, I almost left out and the newest member of the executive team, your CCO (corporate compliance officer).

Is SarbOx wreaking havoc in your company, or do you see long-term advantages? I'd like to know what you think.