U.S. accounting law could affect Canadian IT departments

A U.S. accounting law that forces companies to have more transparent and responsible accounting practices will also be affecting Canadian companies, and the onus will not only be on the business, but on IT to provide the means for compliance.

At a seminar in Toronto on Thursday, Hyperion Corp. and BearingPoint Inc. explained that this law – dubbed the Sarbanes-Oxley Act – was passed on June 30, 2002 after a slew of accounting scandals rocked the U.S. It was enacted to try to protect investors and bring confidence back to the stock market after financial scandals occurred at companies such as WorldCom and Enron. Some of the provisions of the act were effective right away, but others are being phased in over the next three years.

Sarbanes-Oxley calls for financial transparency and accountability by CFOs and CEOs in attempts to stop fraudulent accounting procedures and accounting errors. Company executives will face severe penalties if they vouch for information that turns out to be false.

According to Terry Furlong, account manager at Hyperion, an Ottawa company that offers business performance management tools (BPMs), Canadian companies that are listed on American Stock Exchanges, the Toronto Stock Exchange or are subsidiaries of American companies will need to make their accounting practices Sarbanes-Oxley-compliant. Companies that do business solely in Canada will not need to comply with the law, however there have been rumours that similar laws will be passed in Canada, Furlong said.

Vic Guelewicz, manager at BearingPoint based in Liberty Corner, N.J., said the main focus in the U. S. financial industry has been on Section 404 of the Act which demands increased responsibilities for Boards and Audit Committees, new attestation standards for external auditors, certification of results by CEOs and CFOs and involves increased penalties for wrongdoing. Compliance for this section has been moved back to June 15, 2004 from Sept. 15, 2003.

However, Guelewicz added that Sarbanes-Oxley is not just about gaining control of financial process, but is also about leveraging and implementing the technology required to enable it. He recommended that companies take a pilot project approach and start first by establishing a control environment that will be the foundation for how information is handled. Secondly, he said a company needs to perform risk assessment and establish the scope of the project and objectives that are well-documented.

Thirdly, he said that a company needs to control its processes and establish how information flows throughout the company. This is where new policies and possibly new applications come into the mix such as BPM and enterprise resource planning (ERP) tools.

The fourth step is ensuring that information is readily available in a timely fashion to users who need it, and finally Guelewicz said monitoring and testing are crucial. He recommends that companies hire an external auditor to test out compliance with Sarbanes-Oxley and bring in consultants to help suggest technology enablers.

Furlong said companies need to consider implementing packaged applications such as BPMs because users would get the best functionality in the fastest time to benefit. They would also get upgrades as standards evolve and maintenance.

He said that some companies are looking towards general ledgers and ERP systems, but he noted that these provide limited reporting capabilities and are difficult to integrate with other systems. He also cited Microsoft Corp.’s Excel application – which is widely used for financial reporting in companies – as inadequate in this instance because it is not capable of addressing enterprise scalability needs.

Furlong also said online analytical processing (OLAP) tools are adequate if a company wants to take the build approach, but he said it might be difficult for users to maintain and upgrade once standards change.

However, Guelewicz said there is not just one right way to do this, and that before starting to build out their own solutions, companies should critically assess whether they have the expertise and the manpower to undertake such a project.

Indeed, the question of buy or build is a valid one. Remy Milad, senior business systems analyst and product manager at CNA Canada, a Canadian subsidiary of Chicago-based insurance company CNA, said that his company is still in the discovery process. He said the big question with this project is where to begin – that is, CNA Canada is still unsure what technology solutions it will employ to become Sarbanes-Oxley compliant, and has not firmly decided between purchasing or building a solution.

He said it is possible that CNA has the technology infrastructure to comply with Sarbanes-Oxley, but the company is still in the process of assessing its needs, and added that attending seminars such as Thursday’s seminar with BearingPoint and Hyperion provides new ideas and helps with the brainstorming process.

However, one thing that Milad is sure of is that these decisions will involve not only IT, but all measures of management including the CIO, CFO and CEO.

A Web survey conducted by Hyperion, BearingPoint and Business Finance Magazine during a Webcast on April 23, 2003 showed that six per cent of the 425 respondents had systems that were already compliant with Sarbanes-Oxley. Forty-six per cent said their systems were somewhat compliant, nine per cent said their systems were not very compliant, while 39 per cent were unsure.

As for business process, two per cent of respondents said their companies were completely prepared for Sarbanes-Oxley, compared to 46 per cent who said they were somewhat compared, 12 per cent who were not very prepared and 40 per cent that were unsure how prepared their companies were.

For more information about the Sarbanes-Oxley Act visit www.sarbanes-oxley.com. Hyperion is headquartered in Sunnyvale, Calif. For more information visit www.hyperion.com. BearingPoint is based in McLean, Va. For more information visit www.bearingpoint.com.