What Comes After Sarbanes Oxley?
The Sarbanes Oxley Act was passed in 2002 to curb accounting abuses that led to the bankruptcy and financial ruin of several major companies, and the loss of billions of dollars to investors who have every right to expect their money to be safe. The Sarbanes Oxley Act is a major auditing nightmare for most companies, though no one is questioning its necessity.
When it was first implemented in 2002, almost every company’s finance and accounting related projects were delayed. Why? Tons of new paperwork was generated, and IT projects designed to track everything required by the Sarbanes Oxley Act had to be implemented as quickly as possible.
One of the unforeseen effects of the Sarbanes Oxley Act implementation was the delay of hundreds of thousands of corporate projects because their timing interfered with end of month, end of quarter, or end of year accounting procedures. Project managers had to digest and prepare for the Sarbanes Oxley Act and its accounting ramifications.
We do know what to expect now. When you implement Sarbanes Oxley fixes at your company, overburdened finance and accounting offices will be slow to respond at key auditing deadlines. Managers should try to schedule anything affecting accounting to fall either before or after these deadlines.
Project managers and others will also need to take SOX into consideration if they develop a project for any auditable function. An audit trail is now vital no matter what the project; whether the project is internal or being developed for a customer, the lack of an audit train guarantees trouble for someone down the road.
Many managers complain that a half-decade of project streamlining has been completely negated by the Sarbanes Oxley Act, with the generation of reams more paperwork suddenly taking up all the time that had been freed by computer hardware and software advances. It’s not easy for a corporation to absorb all the impact of the Sarbanes Oxley act.
The Future of Sarbanes Oxley
The Sarbanes Oxley Act is here to stay. Unfortunately, this will force managers to place another layer of compliance checks on every project and every standard operating procedure that directly generates or costs money. Eventually, the new controls will be integrated into the old way of doing things, but for now it’s vital that they not only exist, but also be clearly separate and obvious to anyone looking for them.
Privately-held companies, luckily for them, don’t have to comply with the full Sarbanes Oxley Act regulatory set, nor do nonprofit organizations. If you fall in this category, you should probably hire a consultant specializing in Sarbanes Oxley to determine what parts of the act you will have to worry about.
Even if you’re not required by law to do so, you should consider implementing anything that’s easy to use; Sarbanes Oxley is tomorrow’s normal way to do business, and adjusting now will probably save lots of grief in the future. Also, at any time that a privately-held or nonprofit corporation interfaces with a publicly held company (such as when you send credit card numbers to VISA to process), you will have to implement some significant controls.