Sarbanes-Oxley: Road to Compliance - Page 3

Sarbanes-Oxley compliance requires more than just a new documentation system.

John Imperato, vice president of finance at Viasys Health Care Inc., saw compliance as an opportunity to get a standardized financial reporting system in place at his companys multiple business units. Until recently, each unit had its own reporting system, with nonstandard processes and consolidations done manually by e-mailing Microsoft Corp.s Excel spreadsheets back and forth.

Viasys is now in the final stages of implementing Cartesis Inc.s Magnitude financial reporting software companywide for internal and external reporting.

"The same general product categories [at different business units] did not update together," said Imperato. "Every one of the companies had their own reporting systems."

Keeping up with Sarbanes-Oxley

Five steps to compliance

  • Planning Form compliance committee, select software to assist in compliance process
  • Scoping Determine what information needs to be documented and is material to company
  • Documentation Document business processes and controls in place to ensure information is accurate
  • Gap analysis Identify and remediate inadequate controls
  • Implementation, evaluation and monitoring of controls Document and update controls as needed, then turn them over to audit team, which evaluates depth and effectiveness of controls; develop ongoing process for monitoring controls

With Magnitude deployed throughout the company, all accounting systems update at the same time and link to a central consolidation system, Imperato said. Magnitude also allows Viasys to drill down into reports to get general ledger and sales information on specific products.

"Compliance was a big issue, but there were management issues as well," Imperato said. "Now well have a lot more confidence that our information and numbers are complete and accurate."

At Viasys and other companies, Sarbanes-Oxley compliance is spearheaded by and is the ultimate responsibility of the finance department. But as the examples illustrate, compliance ties into typical IT department challenges, such as application and data integration, particularly when different divisions and companies are involved.


Next page: ITs Role in Compliance