Sarbanes-Oxley compliance requires more than just a new documentation system.
John Imperato, vice president of finance at Viasys Health Care Inc., saw compliance as an opportunity to get a standardized financial reporting system in place at his companys multiple business units. Until recently, each unit had its own reporting system, with nonstandard processes and consolidations done manually by e-mailing Microsoft Corp.s Excel spreadsheets back and forth.
Viasys is now in the final stages of implementing Cartesis Inc.s Magnitude financial reporting software companywide for internal and external reporting.
"The same general product categories [at different business units] did not update together," said Imperato. "Every one of the companies had their own reporting systems."
Keeping up with Sarbanes-Oxley
Five steps to compliance
Planning Form compliance committee, select software to assist
in compliance process
Scoping Determine what information needs to be documented and
is material to company
Documentation Document business processes and controls in place
to ensure information is accurate
Gap analysis Identify and remediate inadequate controls
Implementation, evaluation and monitoring of controls Document
and update controls as needed, then turn them over to audit team,
which evaluates depth and effectiveness of controls; develop ongoing
process for monitoring controls
With Magnitude deployed throughout the company, all accounting systems update at the same time and link to a central consolidation system, Imperato said. Magnitude also allows Viasys to drill down into reports to get general ledger and sales information on specific products.
"Compliance was a big issue, but there were management issues as well," Imperato said. "Now well have a lot more confidence that our information and numbers are complete and accurate."
At Viasys and other companies, Sarbanes-Oxley compliance is spearheaded by and is the ultimate responsibility of the finance department. But as the examples illustrate, compliance ties into typical IT department challenges, such as application and data integration, particularly when different divisions and companies are involved.
Next page: ITs Role in Compliance