Public Company Accounting Reform and Investor Protection Act

Compliance Journal

Subscribe to Compliance Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Compliance Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Compliance Journal Authors: Cloud Best Practices Network, Fouad Khalil, Mark Leake, Todd Matters, Elizabeth White

Related Topics: Compliance Journal, U.S. Federal Law, SOA & WOA Magazine, Sarbanes Oxley on Ulitzer

Compliance Journal: Article

Sarbanes-Oxley Will Change Your Life

Sarbanes-Oxley Will Change Your Life

This column may require a little patience on your part, but I think it will be worth it in the end. Let's start with a simple premise: within a year, nearly everyone reading these words will be deeply impacted by Sarbanes-Oxley, yet many have never heard of it. The purpose of this note is to offer you a preview of what's to come. In other words, a wake-up call.

First of all, who or what is Sarbanes-Oxley? Simply put, the Sarbanes-Oxley Act (SOA) is the federal law that was put in place last year in response to the scandals at Enron, MCI, and other large public corporations. The law contains a wide variety of provisions around improving corporate ethical behavior, including assurances that companies' financial statements accurately reflect the state of their business. And it puts teeth into those provisions with heavy fines and prison for senior executives if their companies do not comply.

Why, then, is this month's guest editorial in XML-Journal about federal legislation? After all, this is a technology magazine. Why isn't this a technical editorial about the Semantic Web, RSS, or InfoPath? Well, sometimes it's better to come out from under the technology, and remember why we build this stuff. Usually, the reason is to serve a business, quite often an American public company. If you work for such a company, then you need to understand the implications of Sarbanes-Oxley, because its provisions apply to every publicly traded American company.

Remember Y2K, and the pervasive impact it had on all of our lives just a few years ago? Sarbanes-Oxley is every bit as pervasive as Y2K, but it has no end. Every system that impacts your company's financial statements - even indirectly - will be impacted by Sarbanes-Oxley, presumably forever.

This brings us to the burning question: "How does Sarbanes-Oxley affect me?" After all, this magazine targets XML technologists, and Sarbanes-Oxley is just about reporting accurate financial numbers, right? Actually, no. And it's here that the subject gets interesting.

What is XML all about? Integration of course. XML provides a platform-independent mechanism to integrate disparate, heterogeneous computer systems. What is Sarbanes-Oxley compliance all about? Well, it's about the integration of information across large, heterogeneous organizations in a highly controlled manner. Sound familiar?

Consider this. A key provision of the Sarbanes-Oxley Act (a provision known as Section 404) is that companies must (a) document every business process that impacts their financial reports, and (b) put systematic controls into place that ensure that these business processes produce accurate data. Sounds simple, right? All you have to do is document every single process in your global, multibillion dollar company, and then put controls in place to make sure that the processes execute flawlessly. And if you get it wrong, you can go to jail. As you can imagine, companies are scrambling right now. And matters are only made worse by the deadline for compliance, which for most companies is 2004.

So how will these controls be implemented? I thought you'd never ask.

Many business process controls are being implemented today with manual solutions, such as spreadsheet-based data consolidation, checklist procedures, and other similar solutions. Given the time pressures of Sarbanes-Oxley, and the enormity of the task, there is simply no alternative to these manual, one-off answers. But how long will these manual controls be allowed to exist? After all, like nearly all manual systems, they will be expensive to implement and monitor, prone to failure, and - most important - they simply will not scale well. Remember that these are controls that must cross organizational boundaries, diverse geographies, and heterogeneous systems.

I believe it is self-evident that the CFOs and corporate auditors who today are driving the implementation of mostly manual Sarbanes-Oxley controls will soon turn to the CIOs, seeking cost reduction, better automation and quality control, and scalable solutions. To whom will the CIOs turn? To you. They will look to the integrators; the architects and technologists with the ability to leverage a platform-independent mechanism that can implement enterprise-wide business processes and controls. They will look to you to be the agent of change. Are you ready?

More Stories By Andrew Astor

Andy Astor is co-founder, president and CEO of EnterpriseDB. Prior to EDB, he was a vice president at webMethods, Inc., where he was responsible for technical marketing, corporate acquisition integration and standards leadership and evangelism. While at webMethods, he was elected twice to the Board of Directors of the Web Services Interoperability Organization (WS-I), and he served as that organization's Marketing Chair. A frequent speaker at industry conferences, Andy is also on the International Advisory Board for SOA Web Services Journal.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.