Ventana Research sees the issues of compliance, audit, and control entering a new phase. In our judgment, the post-scandal period that drove the passage of the Sarbanes-Oxley Act (SOX) is coming to a close. For the past two years, all U.S. public companies -- and even some others that have no legal obligation -- have been scrutinizing and correcting their financial control systems to comply with Section 404 of the act (by far the most onerous element of reform for a public company). For most of these companies, the distraction and anxiety associated with meeting the act's requirements will dissipate over the next couple of months as they complete their initial compliance phase.

What happens next depends a great deal on how well public companies have prepared to comply with the rules and how stringent auditors are in assessing their conformity. Ventana Research expects that if a reasonable amount of stringency is applied, the majority of public companies will be assessed as having adequate financial and IT control systems in place. We expect about 10 percent to 20 percent of the public companies will be cited with one or several "serious deficiencies" in their financial control systems in their initial annual audit, and that another 2 percent to 5 percent will be marked as having material weaknesses. Auditors likely will want to make an example of the companies that fall short in the Section 404 efforts, producing headlines (at least in the business press) in early 2005. Yet, unless we are mistaken about how prepared companies are to comply with Sarbanes-Oxley, or unless the Public Company Accounting Oversight Board (PCAOB -- pronounced "peek-a-boo") and the auditors it oversees want to be heavy-handed in their enforcement, Ventana Research expects the compliance topic to fade into the background.

In the background, perhaps, but not entirely forgotten.

For one thing, Ventana Research expects a gradual ratcheting up of control standards over the next several years. What was marginally passable for the 2004 audit will become unacceptable by 2006. Those companies that the auditors give some slack in 2004 will have to catch up in 2005. Next year they will continue their 2004 efforts, although with less uncertainty (because their shortcomings will have been made clear by their auditors) and less intensity. For the other two-thirds of public companies, compliance efforts will shift to optimizing their audit and control processes.

The challenge facing finance executives in 2005 is how to change their audit and control processes to overcome the drag on efficiency. Typically in the past, companies did not design their procedures and supporting information systems for efficient execution in today's environment. Some, maybe even many, of the financial controls that companies carefully put into place over the past two years represent mere "Band-Aids." They address symptoms of systems that may have been adequate in the past, but which now are ineffective for a SOX environment. Ventana Research asserts that world-class finance organizations will focus on reducing the ongoing cost of compliance by ensuring their processes and the IT systems that support them are structured to promote compliance efficiency.

Ventana Research recently completed a study of regulatory compliance, audit, and control issues facing companies. Objectives of this study were to assess the impact of audit, compliance, and corporate governance issues; determine ways in which the internal audit function has changed; and calibrate attitudes toward Sarbanes-Oxley software solutions.

Because Ventana Research advises companies on how they can use IT to address business concerns, we also looked into their use of software to address SOX issues. The data presented includes only qualified companies -- that is, those with 1,000 or more employees. Half of the respondents had finance titles, 8 percent were in IT, and the rest were mainly line-of-business managers.

The Most Important Issues

We asked respondents to assess the importance of various issues facing companies (particularly U.S. public companies), and to mention and rank any that were not in our list of choices (see "Importance of Compliance Issues"). Sarbanes-Oxley compliance and corporate governance are the most important issues. The former was ranked the most important issue by 46 percent of the participants and second by 16 percent of the participants, while the latter scored first with 30 percent of respondents and second with 38 percent of respondents. The weighted average (WAV) rank of the two responses is identical at 2.1. In the wake of the post-bubble corporate scandals, these two are top-of-mind issues for executives and receive a great deal of attention in business publications and general media.

Audit costs were ranked a distant fourth as an issue, with a WAV ranking of 3.2. At the beginning of 2004, audit costs received much attention because fees for larger companies had increased significantly. By mid-2004, their importance seemed to be fading, probably because the biggest bill from the auditor comes but once a year, and possibly because audit costs are of more concern for the CEO/CFO. Still, as the "Importance of Containing Audit Fees" graph shows, audit fees are very relevant to the study contributors. More than three-quarters rate the issue "very important" (28 percent) or "important" (52 percent).

1 2 3 Next