Conventional wisdom says there's no financial return in meeting the fraud-fighting requirements of the Sarbanes-Oxley Act.
For Bob Travatello, the benefit of complying with Sarbanes-Oxley is calculated in prison time: "The ROI is keeping my CEO and CFO out of jail."
Travatello is chief information officer for Blue Rhino, a Winston-Salem, N.C., provider of propane gas cylinders for backyard grills. Like counterparts at every public and many private companies, he plans to change processes, document them and install new software to comply with requirements of the Sarbanes-Oxley Act of 2002. He'd also like to pin down some kind of return to justify the expense.
The law, born in a flood of financial deception and fraud that has cost investors and employees tens of billions of dollars, requires a company's CEO and CFO to vouch for the financial results at their companies.
That provision went into effect in July 2002, and chief executives have been signing on the dotted line.
But the real stickler of Sarbanes-Oxley is Section 404, which puts executives on the hook for instituting internal processes and controls to detect and prevent fraud.
Indeed, Bearingpoint disclosed in its annual report late last month that it would change its processes after auditor PricewaterhouseCoopers found parts of its internal accounting systems and documentation to be "material weaknesses."
Companies such as Blue Rhino, which has a fiscal year ending shortly after Section 404's June 15, 2004, deadline, will be guinea pigs for whether a company can effectively institute additional approval and control steps for paying invoices, receiving materials and such. The controls will also mean adding fields and codes to existing financial systems to comply with Sarbanes-Oxley requirements.
The law sets fines of up to $5 million with imprisonment of up to 20 years if executives willfully certify results without complying with requirements.
Quips about jail time aside, Travatello does expect Sarbanes-Oxley to eventually deliver a return because compliance will make his company more efficient and clarify processes such as invoicing. Before Sarbanes-Oxley, if a Blue Rhino delivery driver picked up an invoice with the wrong price and date, one employee could correct the problem by amending the invoice. Under Blue Rhino's new approach, that incorrect invoice would be voided. The driver would have to start a new payment ticket.
Even planned modifications for financial systems are affected. Prior to Sarbanes-Oxley, one of Travatello's programmers could change a system with one approval. That programmer could make the change, test it and hand off to a second person to make it live. Blue Rhino now requires three approvals and a new worker to handle each step of the change.
"In the past you were trusted to do your job," he says. "Now it's about multiple approval codes."
Blue Rhino is using Metastorm's eWorks package to streamline and track its business processes. The software will follow Blue Rhino's workflow and create documentation for each approval to create a trail for auditors.
"I do expect there to be some kind of ROI," says Travatello. "But we haven't put a number on it because we're identifying what we need to do. After we're done we'll get an ROI. It's important for people to realize it wasn't a waste of money."
Some technology executives laugh off questions about Sarbanes-Oxley ROI as purely hypothetical. Others don't want to talk about it. Executives at large companies such as trucking company Yellow Corp. and insurance firm the MONY Group declined to comment on their Sarbanes-Oxley plans or potential returns.
There may be a good reason for the silence. There may be no return.