What Comes After Sarbanes Oxley?
The Sarbanes Oxley Act was passed in 2002 to curb accounting
abuses that led to the bankruptcy and financial ruin of several
major companies, and the loss of billions of dollars to
investors who have every right to expect their money to be safe.
The Sarbanes Oxley Act is a major auditing nightmare for most
companies, though no one is questioning its necessity.
When it was first implemented in 2002, almost every company's
finance and accounting related projects were delayed. Why? Tons
of new paperwork was generated, and IT projects designed to
track everything required by the Sarbanes Oxley Act had to be
implemented as quickly as possible.
One of the unforeseen effects of the Sarbanes Oxley Act
implementation was the delay of hundreds of thousands of
corporate projects because their timing interfered with end of
month, end of quarter, or end of year accounting procedures.
Project managers had to digest and prepare for the Sarbanes
Oxley Act and its accounting ramifications.
We do know what to expect now. When you implement Sarbanes Oxley
fixes at your company, overburdened finance and accounting
offices will be slow to respond at key auditing deadlines.
Managers should try to schedule anything affecting accounting to
fall either before or after these deadlines.
Project managers and others will also need to take SOX into
consideration if they develop a project for any auditable
function. An audit trail is now vital no matter what the
project; whether the project is internal or being developed for
a customer, the lack of an audit train guarantees trouble for
someone down the road.
Many managers complain that a half-decade of project
streamlining has been completely negated by the Sarbanes Oxley
Act, with the generation of reams more paperwork suddenly taking
up all the time that had been freed by computer hardware and
software advances. It's not easy for a corporation to absorb all
the impact of the Sarbanes Oxley act.
The Future of Sarbanes Oxley
The Sarbanes Oxley Act is here to stay. Unfortunately, this will
force managers to place another layer of compliance checks on
every project and every standard operating procedure that
directly generates or costs money. Eventually, the new controls
will be integrated into the old way of doing things, but for now
it's vital that they not only exist, but also be clearly
separate and obvious to anyone looking for them.
Privately-held companies, luckily for them, don't have to comply
with the full Sarbanes Oxley Act regulatory set, nor do
nonprofit organizations. If you fall in this category, you
should probably hire a consultant specializing in Sarbanes Oxley
to determine what parts of the act you will have to worry about.
Even if you're not required by law to do so, you should consider
implementing anything that's easy to use; Sarbanes Oxley is
tomorrow's normal way to do business, and adjusting now will
probably save lots of grief in the future. Also, at any time
that a privately-held or nonprofit corporation interfaces with a
publicly held company (such as when you send credit card numbers
to VISA to process), you will have to implement some significant
controls.