• 04Dec

    Sarbanes Oxley compliance becoming easier

    Firms are improving their Sarbanes Oxley compliance activities

    Rosalie Marshall, IT Week 28 Nov 2007

    US companies are improving their compliance with the Sarbanes Oxley Act, according to new research released this week.

    The Sarbanes Oxley legislation was signed into US law on 30th July 2002 after data scandals such as those involving Enron, Tyco International and WorldCom created a need for corporate governance. The Act imposed regulatory requirements on enterprises and established stricter reporting processes and increased transparency.

    Compliance Week, a US corporate governance newsletter, has released data showing a 44.2 per cent drop in compliance weaknesses from two years ago.

    From 15th November 2004 to 15th November 2005 there were 624 weaknesses disclosed, whereas from 11th October 2006 to 11th October 2007, only 348 weaknesses were reported. Compliance Week conducted its research using data from 97000 publicly listed companies.

    Matt Kelly, Compliance Week managing editor, said the decrease in breaches is a consequence of companies “learning the ropes.”

    Costs have also fallen because of the introduction of compliance systems, Kelly explained. At first, companies tended to hire outside consultants to handle audits, but now tasks are brought inside to corporate staff, Kelly said.

    Businesses are also bringing in controls to satisfy a number of regulations at once, a practice Kelly calls “control mapping.” For example, a business will bring in data privacy rules to fulfil both finance and healthcare types of regulations.

    However, Kelly expects different results next year because small companies will start their Section 404 compliance for the first time. Until now, “most small filers (the large majority of public companies in the US) have been whistling in the dark about Sarbanes-Oxley, somehow hoping it would just go away for them,” Kelly added.

    Section 404 of the Sarbanes-Oxley Act requires publicly-traded companies to maintain internal controls of financial reporting processes, such as the General Computing Controls, which are assessed by auditors during annual 404 audits.

    Small companies needing to fulfil new compliance rules will cause more 404 weaknesses to be disclosed in total, Kelly believes. “But there is likely to be a clear break between large companies experienced with SOX, who will probably keep improving and small companies still learning the ropes and finding lots of errors,” Kelly added.

    David Rae, deputy editor at UK publication Financial Director, pointed to the not quite as onerous regulation in the UK, the Combined Code. Rae predicts that now that companies have systems in place to implement compliance rules, there will be a similar decrease in breaches in the UK.

  • 03Dec

    Sarbox Continues To Bite

    Matthew Kirdahy,

    11.28.07

    forbes.com

    The day is upon us when the act of corporate compliance isn’t as cumbersome as saying the actual words.
    It’s been slightly more than five years since the law was enacted (but enforced three years ago) and finally more U.S. public companies are reporting fewer weaknesses in adhering to Sarbanes-Oxley (SOX) compliance than ever before.
    Compliance Week magazine unveiled its "2007 Financial Reporting & Internal Control Benchmarking Reports," to show that across all industries, companies’ Section 404 compliance, disclosed annually, is almost squeaky clean relative to previous years.
    Citing the latest industry data that complements this study, Compliance Week said that the researcher, Audit Analytics, reported internal control weaknesses down nearly 45% in the three years since SOX went into effect. Meanwhile, weaknesses reported under Section 302 of the law–where companies must disclose every quarter what errors they’ve found and corrected–are rising.
    This actually makes sense. Both sections of the SOX legislation, which is becoming less and less controversial as it evolves, serve a similar purpose as they are meant to ensure accurate financial disclosure.
    Matt Kelly, the managing editor at Compliance Week, says companies are doing a better job at identifying problems on an interim basis, which is the intent of Section 302, thus fixing the problems before year-end, when Section 404 is reported. "The weaknesses have gone down so far because companies have just gotten used to this system and managed to sort out where their weaknesses are," Kelly says.
    Compliance Week is a magazine and newsletter on corporate governance, risk and compliance distributed to public company executives. Its study is based on more than 9,700 publicly traded companies’ performance in a three-year period. Each report in this study examines a host of corporate risks for nine industries. These risks include most common causes of restatements, late filings, internal control and disclosure control weaknesses.
    The major findings in the study also include data on fewer reported SOX-related late filings and the industries that show the fewest compliance weaknesses, such as financial services and utilities. "They are already regulated six ways to Sunday, so being regulated a seventh way is not really a big deal for them," Kelly says. The report also offers insight into the audit fees associated with the financial disclosure process. This has been one of the major bones of contention with SOX among executives.
    According to the Compliance Week study, companies with less than $1 billion in revenue, for example, pay audit fees that are equal to about 0.31% of revenue, while companies with more than $1 billion in revenue pay audit fees that are equal to only 0.05% of revenue. These costs have steadily declined in the past three years and Kelly said they would continue on that trend partly because more firms are auditing in-house. 
  • 28Nov

    SunGard Availability Services and TDG plc break new ground.
    http://www.continuitycentral.com/news03615.htm

    Two UK companies are the first in the world to have achieved certification to BS 25999, the business continuity management British Standard. On the day that BS 25999 part two was published (20 Nov), certificates confirming compliance were awarded by BSI Management Systems to TDG plc and SunGard Availability Services (UK) Limited at a presentation in London.

    BSI Management Systems managing director, Flemming Norklit said: "The significance of today’s presentation is huge for organisations throughout the world who hope to minimise the risk to their businesses presented by the threat of disruption.

    "TDG and SunGard are at the head of a long and growing line of leading-edge companies wishing to prove that they are doing what is required to protect their businesses. At our launch events last month in London, New York and Tokyo we had record numbers of attendees and the level of demand for certification to BS 25999 is like nothing previously experienced in the world of standards, not only in the UK but all over the world."

    Mr Norklit added: "The moment BS 25999 part two was formally published we reviewed the document and confirmed that TDG’s and SunGard’s management systems fully complied. Not only can they and their stakeholders be assured that they have a robust business continuity management system, but they have helped us to develop an assessment and certification scheme that from today we will be offering to clients around the world."

    Simon Beesley of TDG, a UK-owned European supply chain specialist, believes that achieving the certification will give his company a competitive edge. He added: "Our major clients such as supermarket retailers have long insisted that we prove we have solid plans in place to provide business continuity and thus assurance of supply. Now that we have BSI’s certificate, proving that fact is significantly easier. We will now be insisting on it from our suppliers and expect it to be widely adopted throughout our industry."

    In accepting his award for certification against the Standard, Keith Tilley, managing director UK and senior vice president for Europe at SunGard Availability Services, commented: "Given our four decades’ heritage in business continuity management, we recognise how BS 25999 can not only help organisations become more resilient, but more agile and competitive as well. Certification against the standard not only demonstrates our commitment to best practice to customers, it also provides us with valuable insight into the issues and challenges that certification may present."

    Robin Rumbles, customer experience director, SunGard Availability Services (UK) Limited receives BS 25999 certificate from Flemming Norklit, British Standards Institution.