With a Sarbanes-Oxley act deadline rapidly approaching, executives at Regis Corp. tapped into corporate compliance management software to help them comply in time.
Regis owns and operates more than 9,700 salons—including the Supercuts and Vidal Sassoon brands—worldwide. Based in Minneapolis, the company employs about 49,000 people. It has doubled in size every seven years, according to Kyle Didier, vice president of finance at Regis, who expects the company to continue to expand at that rate.
The company is currently focusing on Section 404 of Sarbanes-Oxley, which spells out the requirement that CEOs and chief financial officers certify the effectiveness of the financial controls they have in place. For almost a year, the companys finance and operations divisions have been working together to document these financial controls and are testing them in preparation for a public audit this spring.
“The burdensome part of Sarbanes-Oxley is that weve more or less been complying forever; we just havent been documenting all of our processes,” said Didier. “We didnt have a huge deficiency, but there were areas for improvement. Working on Sarbanes-Oxley has definitely allowed us to look at functional processes to examine where key controls lie and improve our efficiency.”
One of the biggest challenges Regis faces is complying with Sarbanes-Oxley without disrupting business at its salons. With financial reports and earnings coming from so many salons, Regis relies on salon managers and district supervisors to provide detailed and accurate data.
“We want to send out the message that there are no Sarbanes-Oxley police in this company,” Didier said. “At the same time, we want to emphasize that we are culturally committed to making sure everything is the way it should be. Breakdowns and bottlenecks need to be eliminated.”
Regis did not want to be highly dependent on integrated systems, according to Jeff Savage, senior director of financial reporting at Regis.
In addition, in an effort to comply with the regulations as cost-effectively as possible, Regis nixed expensive services and monolithic software packages in favor of doing all compliance-related work internally after consultation with a third-party IT services provider.
To ensure that this compliance work stayed on track, Didier and Savage deployed Certainty corporate compliance management software from Movaris Inc. The software documents, monitors, tests and reports on Regis compliance requirements following internal control definitions set by Didier and Savage.
Didier expects to spend about $2 million on Sarbanes-Oxley compliance, a figure that includes the cost of an independent audit by an accounting firm. He estimates Regis will spend about $100,000 of that on the Certainty application.
But because compliance—and managing that compliance—is an ongoing process, Regis expects to save as much as $100,000 in labor and associated Sarbanes-Oxley costs using Certainty, Savage said. The software will automate a checks-and-balances system in the company to ensure that documentation is provided and accounted for when necessary.
Experts say compliance management software will be critical to ensuring that companies can comply with growing obligations while containing costs.
“The Sarbanes-Oxley Act and associated regulations from the Securities and Exchange Commission and the Public Company Accounting Oversight Board have fundamentally changed what companies need to accomplish around financial reporting by increasing the formality and scope of processes and controls,” said Lane Leskela, an analyst at Gartner Inc., in Stamford, Conn. “Compliance management software will be critical to ensuring that companies can comply.”
At Regis, Savage and Didier are using Certainty to test key controls that ensure documentation is in place and goes to the right department heads. Certainty sends out notifications to line managers, for example, to collect important data and organizes that information.
All information is collected in a central repository, making it easier for independent auditors to verify Regis compliance with Sarbanes-Oxley. If a line manager forgets to send required information, notification is sent to the finance department.
Already, the software has begun to help employees adjust to the rigorous requirements of Sarbanes-Oxley, according to Didier. For example, last month, as Regis board of directors began to audit the companys 10Q filing, Certainty reminded board members via e-mail that changes needed to be documented. The software also followed up on the retention of those records.
“Our job is to make sure departments live and breathe Sarbanes-Oxley because it fundamentally changes some of our existing processes,” Didier said. “This isnt an exercise; its a way of life. We have to find a way to comply because its now a part of our livelihood.”