SOURCE: eProject

October 27, 2005 10:27 ET

How to Reduce SOX Chaos and Cost Through Automation

For Sarbanes-Oxley Compliance, Streamline Visibility, Control and Processes With Web-Based Software

SEATTLE, WA -- (MARKET WIRE) -- October 27, 2005 -- For the majority of corporations, compliance with Section 404 of the Sarbanes-Oxley Act of 2002 (SOX) has rapidly become an expensive and complex proposition. Surveys reported at the 2004 SEC Conference on Sarbanes-Oxley 404 showed that the effort involved in 404-compliance is resulting in double and triple the amount of work originally estimated and involves tens of thousands of hours.

The year 2004 also saw company executives opening their coffers in an effort to implement the internal controls necessary to achieve 404-compliance at virtually any cost. This "open checkbook" policy meant that while some funds were spent wisely, money was also wasted.

Along the way, an army of consultants and advisory firms were hired (and sometimes fired just as quickly). In sum, there was a feeling of chaos as companies sought to comply with unfamiliar processes and controls.

Throwing money at this problem doesn't necessarily solve it. The answer is that companies need to streamline visibility, control, and processes.

In most companies, SOX 404-compliance is treated as a separate project, independent of the rest of the organization. This "silo" mentality creates a wall between those responsible for reporting and controls and those who are involved in day-to-day processes.

Instead, SOX compliance needs to be integrated back into the day-to-day operations of the enterprise. This means shifting responsibility for testing and documentation to process owners. In other words, you must decentralize to reduce costs.

However, it's difficult for 404-compliance owners to transfer responsibility due to lack of visibility into the schedules, status, and issues of process owners spread throughout the enterprise. In addition, the change control process is manual, which makes it difficult to synchronize documentation, controls, and processes. Finally, many control-owners are reluctant to transfer responsibility for 404-compliance simply because they anticipate having to redo all their work from year one.

Leveraging technology to streamline visibility, control, and processes is the best way to reduce the cost of SOX compliance over the long term.

The most straightforward approach is to adopt a Project and Portfolio Management (PPM) software system, preferably one that offers pre-built templates for 404-compliance and supports the Internal Control Integrated Framework established by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

This software should serve as a central repository of all documents, with role-based access for stakeholders. Web-based access is essential to ensuring that various team members across the globe can easily get to the right version of a document.

PPM software also makes sure that change control is implemented on all documents. As a result, processes, risk matrices, tests, and evaluations are always in synchronization. Scheduling of tests (measuring operational effectiveness) and evaluations (measuring design effectiveness) is centralized, with visibility to all. This ensures nothing "slips through cracks" as responsibility is transferred to process owners.

It is equally important that stakeholders still retain an appropriate level of visibility into all documents, test schedule, results, issues, and status. Again, visibility should be driven by a role-based access model. For example, the SOX Program Manager has automatic visibility into key issues and status; she has control and visibility of any task that she owns but someone else has to execute.

By streamlining, process owners have more time to focus on the business, resulting in increased efficiency and revenue. Private companies also have better prospects for acquisition (or any other liquidity event) once they are SOX compliant.

About eProject

eProject ( delivers the only on-demand project and portfolio management solution for the extended enterprise. eProject is an intuitive, unified platform that enables users to maximize project ROI by compressing project cycle times, identifying best practices and optimizing resource allocations, with rapid deployment and quick adoption. eProject is used by more than 350 companies worldwide including BASF, BP, Cushman and Wakefield, Dow Chemical, Honeywell and T-Mobile.

Contact Information

  • Contact for eProject
    Martin Levy
    Martin Levy Public Relations
    Email Contact