In-Depth

Sarbanes-Oxley: The Role of Business Intelligence and Data Management

The requirements for compliance will soon become clear. In the meantime, companies can gain greater control of, and visibility into, their financial data and transactions from a BI and DM solution that fits within a framework of financial governance.

• By Vinod Badami
• 09/17/2003

While the anxiety surrounding the Sarbanes-Oxley (SOX) Act may have lessened when the SEC extended the deadline for compliance, it has become clear the SOX Act has set in motion the need for a complete review and assessment of corporate financial reporting applications. SOX mandates new internal controls, disclosures, and reporting rules for corporate financial governance and will require changes to existing applications that report, track, and maintain financial data.

The SOX Act does not specifically state the internal control requirements that a corporate financial system must have. However, section 404 does require management to take responsibility for, and assess the effectiveness of, their internal controls for financial reporting. Also, section 302 makes corporate officers liable for the accuracy of information presented in financial statements, while section 409 requires companies to provide timely reports to investors, the SEC, and other involved parties on material events.

These provisions increase the responsibility of company’s management, who must adopt all possible measures to ensure accuracy in their financial statements, including implementing the necessary processes, controls, and systems required to meet this mandate. In addition, while the CEO and CFO are ultimately responsible for the accuracy and certification of financial statements, the process of certification will involve people within the organization who will require access to financial data in order to ensure that internal controls are maintained and monitored. Also, since most large companies utilize IT extensively to support business processes, it can be logically assumed that IT controls will also fall under the scope of the SOX Act.

What companies require is a solution that allows them to consolidate and standardize financial data from the various operational applications that contribute financial related data. This includes, but is not limited to:

• Viewing data pertaining to sales, customers, invoicing, shipping, procurement, etc.

• Providing the functionality to allow users to drill from summary reports and metrics to the lowest level of related transactions with full control over the depth and breadth of each person’s view of the data

• Enabling users to analyze the data and automatically scan hundreds of thousands of transactions and identify anomalies in the data

• Providing the means to track and audit the data

• Providing the ability to capture and monitor control information related to the flow of transactions

Standard financial accounting applications were not designed to provide access to detailed transactions available in the operational systems, nor did they provide the capabilities to alert, identify, and track anomalies or provide analytic capabilities to allow users to analyze and investigate the data.

Determining the Impact on Financial Reporting Applications

The full impact of SOX is not yet evident primarily because the SEC is still finalizing the implementation aspects. This has given rise to a great deal of confusion and speculation related to the cost of compliance. Comparisons are made to the cost of solving the Y2K problem to a complete financial systems overhaul. However, the one thing companies have realized is that they have to implement a solution that provides reasonable assurance that assets are safeguarded against unauthorized or improper use, that transactions are executed in accordance with management authorization, and such transactions are properly recorded to ensure that financial statements are fairly presented in conformance with GAAP.

Further, the solution should provide access to financial data details in order to meet the objectives of data control, auditability, and traceability. In addition, the solution should provide functionality to automatically scan transactions, issue alerts when anomalies are detected, and provide secure access to relevant data across various levels of the organization.

The first step in determining the impact on your organization’s financial systems is to perform a needs analysis and determine the gap that must be filled to meet SOX requirements. The needs analysis must consist of:

• Listing the new requirements that have to be met for compliance with SOX

• Identifying the various financial, audit, and risk management applications currently in use

• Mapping the functionality of each application to the new SOX requirements

• Documenting the functional gap

• Identifying the issues related to having multiple disparate applications that manage financial data

Once this critical step is completed, you now have a roadmap of the new solution required to meet the requirements of SOX.

The Role of Business Intelligence and Data Management

BI solutions are the de facto standard used by many organizations today to build the single version of truth of their corporate data. The goal of business intelligence (BI) and data management (DM) solutions are to extract, consolidate, integrate and manage data from various operational systems and deliver reports and analytics to the business users. A data warehouse, which is part of a BI solution, is the repository for all the disparate data.

BI and DM can provide the framework for implementing the controls and processes to easily and efficiently manage and report on financial data. The key benefits of a BI and DM solution in support of financial compliance are to:

• Provide a dashboard of financial control metrics

• Enable the consolidation of all financial and related data in one place

• Serve as a single point of secure access to this data; individuals will be able to view data based on their role and can play a part in the final certification of the data

• Allow users to drill down from summary data to detail transactions within the same solution

• Provide features to alert and inform executives of anomalies identified in the data

• Enable the application of rules to detail data and automatically identify when a variance is detected or a threshold is crossed

• Provide a robust data management process to ensure data control, quality, auditability, and traceability

• Give users the ability to standardize and integrate multiple versions of financial data to present a consistent picture

• Provide end-to-end meta data to enable users to easily understand the data and trace its origins

• Facilitate processing of hundreds of thousands of transactions in a very short time, as well as analyze and identify trends that may lead to a material event

The requirements for compliance with the SOX Act will become clearer in the coming months. However, companies that want to gain greater control and visibility into their financial data and transactions will benefit from a BI and DM solution that will easily fit within an overarching framework of financial governance.