Portals eNewsletters Web Seminars dataWarehouse.com DM Review Magazine
DM Review | Covering Business Intelligence, Integration & Analytics
   Covering Business Intelligence, Integration & Analytics Advanced Search

View all Portals

Scheduled Events

White Paper Library
Research Papers

View Job Listings
Post a job


DM Review Home
Current Magazine Issue
Magazine Archives
Online Columnists
Ask the Experts
Industry News
Search DM Review

Buyer's Guide
Industry Events Calendar
Monthly Product Guides
Software Demo Lab
Vendor Listings

About Us
Press Releases
Advertising/Media Kit
Magazine Subscriptions
Editorial Calendar
Contact Us
Customer Service

Eye on ROI:
The Real Returns of Meeting Sarbanes-Oxley Compliance

online columnist The Gantry Group     Column published in DMReview.com
December 22, 2004
  By The Gantry Group

As the deadlines for the various Sarbanes-Oxley (SOX) Act regulations come due, the need for SOX compliance is becoming a reality. While the SEC provided some respite by extending the deadline to July 15, 2005, for companies (with equity market caps under $75 million) to demonstrate compliance, most enterprises are still challenged to implement the required changes in reporting, storage and transaction tracking necessary to meet new internal controls provisions. Companies with market caps in excess of $75 million have until their first fiscal year ending after November 15, 2004.

Specifically, the amendment calls for public companies to include a specially mandated report within their standard annual reports. This new report articulates how the company is enforcing internal control over financial reporting and accounting. But wait ... there is more. In addition to internal controls for financial reporting and accounting, the SOX regulations further stipulate information and records management procedures. This makes the management of enterprise content a key part of compliance. Along with new definitions of what content and data must be labeled as a "record" (and therefore be treated as such), the lifecycle, access, storage and dissemination of information must comply with numerous SOX requirements. In short, business executives are faced with a broad redefinition of what "financial information" actually is. A good assumption is that any part of a business operation that impacts financial outcome is likely to be covered by SOX reporting requirements.

Reaching beyond the information and data itself, the SOX ruling also specifies the type of hard disk or optical storage that should be used. Clearly the provisions touching the management of information have a profound impact on an enterprise's storage capacity needs. Not only must more data be stored, but it must be accessible immediately (hours rather than days). And it is not sufficient to simply have rapid access to information and reports; enterprises must also be able to prove the authenticity of any and all aspects of operation that impact their financial outcome.

It isn't surprising that the SEC extended the deadlines for compliance with these provisions. Companies who had not planned to make new IT investments suddenly must do so in order to avoid stiff penalties. This brings us to ROI. How do you measure or even define the economic return from investments in technology needed for SOX compliance?

The Positives of Avoidance

To begin, ROI is generated from IT investments that help you comply with SOX when you don't have to pay penalties. The money you are avoiding paying in regulatory, non-compliance fines is where the economic impact can be measured. However, this is easier said than done.

The financial penalties of SOX non-compliance vary widely, making it difficult to assess just how much money you are saving by being in compliance. On top of this, with regulations as far-reaching as SOX there will always be some degree of risk that somewhere in your organization, some piece of information is not being managed properly. To assess the ROI then, you must both calculate the size of the penalties avoided and the risk that you will be found non-compliant.

Investments in technology that aid SOX compliance help you save some amount of money that you might otherwise have to pay.

The Ripple Effect

Being found in non-compliance of SOX can have other negative affects on your business - beyond the levying of fines (or imprisonment if you are found willfully fraudulent). In addition to the governance and transparency requirements of the Act described above, SOX also creates new categories of infringement that include willful destruction of documents, management retaliation against whistle blowers and fraudulently influencing a company's auditors. Some two years after SOX was enacted, cases are just now reaching the courts. Where there are courts, there are lawyers; and where there are lawyers, there are always hefty legal bills.

Companies that are found to be in non-compliance with SOX will also lose millions or more in revenues as consumers shun their products, and partners get as far away as possible. Further financial damage will be wreaked as shareholder value drops due to the reaction of the capital markets. Compounding this, such companies will also face material increases in their cost of capital, not to mention less access to capital. Large companies that trade debt through bond issues will face a tough foe in the financial markets.

Suddenly assessing the ROI of "compliance technology" seems like a daunting task. Not only is the value "soft" in that it is probability based, but there are many, many other immeasureables that contribute to the financial consequences of non-compliance. Nevertheless, given the scale of the economic impact of non-compliance, one intuitively senses that investment in compliance technology is wise - and you don't need an ROI analysis to tell you that.

The Upside

However, avoiding financial disaster is not the only economic benefit from such IT investments and the enforcement of internal controls. Not to be missed are the potentially material benefits that result when your company is run well. One of the side effects of SOX is that in forcing companies to be accountable for their financial results, there are also numerous efficiencies that can be realized from the resultant increase in transparency. Instituting controls can, for example, help a company to find areas where revenues were being siphoned off (deliberately or otherwise), providing whole new incremental income. Other companies spending millions annually on paper-based processes may find that the imaging and storage systems necessary for SOX compliance can reduce costs in amounts far greater than the solution investment.

Maybe the expense of meeting SOX stipulations will turn out to be stimulation for bottom line growth through better-run companies. Even with all the costly onerous requirements of SOX, it just might be a driver that leads to increased shareholder value.


For more information on related topics visit the following related portals...
Compliance and ROI.

Dawna Paton and Dale Troppito are managing partners of the Gantry Group. Paton has helped guide the Gantry Group's rigorous ROI best practice models based on a 25-year career as chief executive officer, CFO, sales and marketing executive, and venture capitalist in high technology companies. You can reach her at dpaton@gantrygroup.com. Dale Troppito, company cofounder, believes that the technology leaders of the future will be those that understand the crucial role that a market-validated, value delivery strategy and compelling ROI play in shaping corporate competitiveness and customer satisfaction. You can reach her at dtroppito@gantrygroup.com.

E-mail This Column E-Mail This Column
Printer Friendly Version Printer-Friendly Version
Related Content Related Content
Request Reprints Request Reprints
Site Map Terms of Use Privacy Policy
SourceMedia (c) 2006 DM Review and SourceMedia, Inc. All rights reserved.
SourceMedia is an Investcorp company.
Use, duplication, or sale of this service, or data contained herein, is strictly prohibited.