No magic wand for compliance

Unfortunately, and despite what some ‘cheeky’ software companies would tell you, no such product exists.

Instead, the battle to deal with the Sarbanes-Oxley Act, and in particular the internal controls requirements of section 404, is a long-winded and onerous task.

The good news? IT can greatly help with s404 preparation, and the relaxation of the deadline for Sarbox compliance has given UK companies another year to get up to speed.

But time flies, and FDs putting their feet up and putting off Sarbox compliance will find themselves with too much to do next year, and end up going to the same software companies for a ‘solution’. This kind of attitude will not be rewarded by your friendly auditor.

So, what IT will you need? Well, the first stage is to document all the processes that occur as the business operates. This is a huge task, but can be achieved through hard work and just a sprinkle of IT. There are products available to help collate this data.

Then you’ll need to get these processes embedded into your enterprise resource planning system. ‘Document management’ and ‘business process management’ companies will claim to deal with this, but be wary as many have jumped onto the compliance bandwagon. So it probably a good idea to seek professional advice.

But just when you think all those lovely processes are being managed perfectly, your auditor will ask what system checks you have in place to safeguard access to sensitive transaction information. Well, there’s software available for that as well.

So, if you want to avoid prison, or ‘the pen’ as they say in the US, start talking now to business advisers, consultants and software companies and get compliant.

Oh, and before I forget, this kind of exercise could even streamline your business processes and help your operation run more efficiently ð but I’ll save that story for another day.

Kevin Reed edits the technology page for Accountancy Age

Related reading