The Fear of All Sums

The Sarbanes-Oxley Act, passed by the U.S. Congress in 2002, represents the most sweeping legislation to hit corporate America since the end of the Great Depression. Its regulatory requirements affect all public companies that are traded on U.S. markets. Sarbanes-Oxley has raised the bar for corporate executives, who now face up to 20 years in prison and fines of as much as $5 million for engaging in deceptive practices. Honest mistakes are no longer tolerated – by either the SEC or investors. In fact, market values of companies now plummet at any suggestion of wrongdoing.

The Executive Conference at this year's SAS Users Group International (SUGI) gathering featured a diverse panel of experts who discussed the prospective impact of the Sarbanes-Oxley Act on U.S. businesses. Randy Guard, director of solution strategy at SAS, moderated the panel, which featured Jonathan Karpoff, the Norman J. Metcalfe Professor of Finance at the University of Washington Business School; David Klementz, CFO of Progress Rail; Irving Tyler, CIO of Quaker Chemical Corp.; Robert Walley, principal in Deloitte & Touche's Capital Markets Group and head of the Technology Architecture Serviceline; and Phil Strand, worldwide strategist for financial intelligence solutions at SAS.

Here are just a few highlights from the panel discussion.

Randy Guard: Dr. Karpoff, give us a brief introduction to some of the recent regulations, specifically Sarbanes-Oxley, and then some of the impacts for companies that don't comply.

Jonathan Karpoff: Sarbanes-Oxley is a sweeping federal attempt to increase transparency and accountability at the corporate level, and it has many different provisions. Some provisions try to tighten up corporate governance. For example, one requirement is that the firm's audit committee consist of only independent directors. Other provisions require new reporting duties of corporate managers and the firm. Still other provisions increase criminal penalties for some existing accounting misrepresentation rules and create new criminal penalties for securities fraud. Then there new rules that attempt to guide the way auditors and securities analysts interact with firms.

But of all these rules, the ones causing people to stay awake at night are the new reporting requirements. As of September 2003, CEOs, CFOs and auditors must certify the adequacy of the firm's internal control processes. This comes out of Section 404 of Sarbanes-Oxley. This section requires firms to figure out what their internal control monitoring and accounting counting processes are, document them and fix them, if necessary, all within a pretty short time horizon.

I also think we would be remiss if we just focused on the regulatory efforts to encourage greater ethical behavior at the corporate level. Because as large as these regulatory efforts are and as significant as the headaches might be, in many cases they are small potatoes compared to the market penalties that are imposed on firms for various types of misconduct.

Guard: David, share with us the CFO perspective on some of the different roles and responsibilities you're encountering and some of the experiences that you've come across since you started at Progress Rail.

David Klementz: Data integrity has always been important to sound business. The marketplace has never been tolerant of restatement or errors in financials. And I think the intolerance has grown, the risk is higher, and the pressure greater for better and higher degrees of integrity in financial data. When I got to Progress Rail, we had done 28 acquisitions of varying sizes in three years with very little integration. We had multiple financial systems, multiple financial reports, multiple performance measures ... a lot of information. I spent a chunk of my time first just looking at the data and trying to understand what I was looking at and understanding variances in data. I would ask, "Why is this report different from that? It should be the same." And the answer was, "Well, that's because." And as CFO, that doesn't give you a lot of comfort.

A lot of our consolidated financial management reports were being done in Excel or other systems just to get the reports done on time. So my first priority was to say, "What is our data source for all financial information? What is going to be the data source that we do all business analysis and financial preparation from?" I got the group together and we standardized the analysis so that the decisions that we were making were the right decisions based on fact, not intuition. My initial focus to help get us there was standardizing our business plan, our strategic plan, financial systems, financial sources, financial records and, ultimately, our performance metrics so that we are measuring and doing the right things. We ultimately went to a SAS solution for this for our forecasting, planning and consolidation tools and to automate our performance scorecard. The key point there is while I was getting financial data faster and I was getting transparency to my financial data, I was also shifting the organization's thinking from being a transaction-based organization to an organization that provided business analysis and was looking forward. This put us in a better position to react to market conditions and changes in our environment and to make sound business decisions.

Going to a robust financial solution did several significant things for us. First, it allowed me to get more accurate, timely financial data. We went from a consolidated financial standpoint in 11 days down to six days – and we're still going further with that. But we also got our business unit information done in four days. Secondly, it really shifted our organization from being, again, a transaction-based, get-the-reports-done organization to a forward-looking organization. And my team's time is now being spent on forecasting, better planning, better management and explaining variances. The final thing, and maybe most important, was that it has definitely evolved and changed our business-decision process. We've gone from an organization that relied on intuition to an organization that makes decisions on a sound basis with sound data based on facts. And I think that's the biggest shift we've seen.

Guard: Irving, give us the CIO perspective here. What different roles are you encountering and what impact is this having on your IT organization?

Irving Tyler: We've seen an increased interest level from various parts of the organization – the board of directors being one – in how these pieces of information are delivered around our enterprise.

We're a very global company. We have operations all over the world and yet, being a very small company, people are concerned that things are happening in the world for which they are responsible but they don't understand. And so the visibility that we've been trying to deliver for the last five years, by using various types of data warehouse techniques and business analytics, really has empowered our business managers to not fear a lot of these concerns because they really feel like they already know what's happening. The visibility is already there, so there's less of an opportunity for mistakes, either intentional or otherwise, to crop up and cause integrity problems. What we now see is a greater emphasis on internal control. Again, that's something that has always been part and parcel of every system that we ever put into our enterprise. We've moved more toward a process-based organization which, by design, is trying to empower people by giving them more access to more information across the enterprise, not just in terms of certain silos, [where] only financial data goes to only financial people. We've now started to see some conflict in the sense that part of our organization wants to increase the regulation and control over that information, vs. other people who are still trying to use that information to leverage our strategic assets.

Our role in IS [information systems] is to help educate and find the right balance between these two schools of thought as we try to deal with people who are just more nervous than they will likely be, hopefully, a year or two from now as we learn how to apply these new regulations.

Guard: Bob, let's hear from the regulator's perspective. What's going on out there in the market, and how is regulation a good driver for good business?

Robert Walley: What we've seen in the last year are the challenges of good corporate behavior, where the bad apples have upset the apple cart and where the pendulum has swung the other way – from too little regulation to a heavy regulatory environment. Regulators are trying to put in place a number of key monitors and enforcement bodies to ensure that the boards and the public companies are actually practicing the way they should be practicing. I think what we see is much greater disclosure of the independence issues of the boards as a whole and the board members. The organizations themselves are actually going through an entire education process.

The stock exchanges are the ones actually responsible for the enforcement of the new legislation, and they are also out there trying to educate the industry and help public companies prepare for the new legislation to take effect. One of the questions has been: what happens when companies aren't going to comply and they step out of bounds? There will be new procedures in place – one being a reprimand letter that a listed company can receive. The other – I guess the ultimate penalty – is that they can be delisted. From a financial, economic and reputational perspective, these new procedures and regulations cannot be ignored. A lot of companies are putting a lot of effort into the 404 reviews and trying to build some tools around the monitoring process and the assessment process to determine where they stand from an internal audit standpoint.

Guard: Phil, we've heard a little bit about the regulatory environment. We've heard about the corporate environment and how companies are taking action. Tell us a little bit about the value and the need for enterprise financial intelligence.

Phil Strand: Things are evolving. In a recent survey by CFO magazine, a comparison of CFOs over the last five years found that 91 percent of them said their jobs are more difficult now than before, 62 percent said they believe they're working longer hours now than before, 54 percent said the success of their position is more difficult now and they're looked upon more as the corporate police. So let's see, evolving. Before, run the numbers. Now, drive the business. Before, have a board of directors that was fraternal. Now, have a board of directors that's more vigilant. Before, it was OK and acceptable to make a mistake. Now, you make a mistake you're going to jail for 20 years and a $5 million fine. Evolution is happening.