Sarbanes-Oxley Balancing Act

New tools to help companies comply with financial reporting requirements.

U.S. public companies have been paying for the financial scandals at Enron Corp., Global Crossing Ltd. and WorldCom Inc. for months—and another large bill is about to come due.

The Sarbanes-Oxley Act, enacted last year in response to Enron, et al., requires companies to make new disclosures on internal controls, ethics codes and the makeup of their audit committees on annual reports. The requirements will challenge IT managers with a Y2K-like task that AMR Research Inc., in Boston, estimates will cost as much as $2.5 billion.

Of particular interest is Section 404 of Sarbanes-Oxley, which requires companies to perform a self-assessment of risks for business processes that affect financial reporting.

Last week, the Securities and Exchange Commission—which is charged with enforcing the act—voted unanimously to adopt the rule and form amendments to implement Section 404 requirements so that publicly traded companies with a market capitalization of $75 million or more will have to comply with these regulations for fiscal years ending on or after June 15, 2004. Smaller businesses and foreign-owned companies have until the fiscal year ending on or after April 15, 2005, to comply.

The requirements are forcing companies to be more thorough about ensuring the validity of their financial numbers and documenting internal controls and procedures used to arrive at those numbers.

Some IT managers are nervous.

"I dont think we as an IT organization understand everything we need to do ... what has to happen or what will be tracked by these tools," said Gary Bronson, director of IT enterprise operations at Washington Group International Inc., in Boise, Idaho, and an eWEEK Corporate Partner. "Last month, our [chief financial officer] addressed the leadership of the IT organization to say, Heres what Sarbanes-Oxley means to us in laymens terms: I go to jail if this information is not accurate or if anything is inappropriate. The message is clear: We need to do everything necessary to keep our CFO and CEO out of jail.

"Thats whats scary about this," Bronson said. "Its an aftermath of Enron. Government comes in, shoots from the hip and tries to cover everything in one fell swoop. Its probably pretty open-ended."

WGI, a construction and engineering company, is still working with its accounting team to decipher the Sarbanes-Oxley requirements and has appointed a vice president whose sole responsibility is to head the companys compliance efforts.