Getting compliance right

Learn how world-class enterprises are making compliance work for them. In this Q&A, Mark Krueger, senior business advisor and founding member of The Hackett Group, shares his insights on the cost of compliance, strategies world-class organizations have employed to make SOX compliance effective and efficient, and how organizations should improve their compliance efforts.

With Mark Krueger, senior business advisor and a founding member of The Hackett Group.

Question: The Hackett Group recently released research on compliance costs. What are some of the key findings?

Krueger: Typical companies are spending $940,000 per billion dollars of revenue on compliance management, while world-class companies spend 36% less. World-class finance organizations spend 42% less in the finance function than typical companies, and have 44% fewer finance staff. Typical companies have seen an 18% increase in total finance costs since 2003, while world-class finance organizations have seen a 5% drop during the same period. Compliance costs have risen significantly for both world-class and typical companies since 2003. But world-class companies spend 36% less on compliance than typical companies, at .060% of revenue versus .094%. We believe that average companies are spending an additional amount, potentially equal to or greater than the compliance management costs, on key control activities. These activities would include documenting, testing and potentially remediating key controls throughout the business.

Question: How have world-class companies been able to achieve this superior performance?

Krueger: World class companies are reaping the dividends of work done previously in improving performance of their finance functions. Three factors are involved. First, they have standardized business processes across their organizations. In other words, the accounts payable function, for example, is performed the same way everywhere. They have also consolidated transactions into shared service organizations, in that way reducing the number of places where controls had to be audited. Third, they have implemented single Enterprise Resource Planning applications to allow a single instance of where data is stored, accessed and validated. These three things have allowed world-class organizations to perform Sarbanes-Oxley compliance functions in an effective and efficient manner.

Typical organizations had to go through documenting processes and controls that world-class organizations had already done. This accounts in large part for the fact that for the first time in 13 years, the cost of the finance function in the average company went up. The fact that the average company spent 1.26% on finance in 2004 as opposed to 1.07% in 2003 is attributable the fact that they had to apply more resources to conduct Sarbanes-Oxley testing. World-class companies in the same time frame reduced finance costs by 5% to 0.73% of revenue. This remarkable feat shows that Sarbanes-Oxley did not get in the way of achieving ongoing process improvements.

World-class organizations have also managed to make better use of technology, especially self-service capabilities. We believe what this means is that in world-class companies, people see transactions to completion and the companies are also more likely to provide online access to information. These companies have opened up the veil to allow managers to see financial results, they use balanced scorecards to help manage the business, and they have made the business more transparent.

Question: Where do you see compliance costs going in the future, and what can typical organizations do to improve?

Krueger: We surmise that we have seen the peak in costs in 2005, but we expect that the costs in 2006 and 2007 will still be higher than in 2003. We talked to a number of controllers and CFOs who intend to cut Sarbanes-Oxley costs in half next year. They said they could not continue to fund that level of expenditure on an ongoing basis. For peer companies, the challenge going forward is whether they will be able to adopt process monitoring techniques that allow them to comply without having to do a lot of remediation and testing. One of the Sarbanes-Oxley Section 404 control requirements is to be able to report material events in real time. Peer companies have to be asking themselves how they are going to do this. For example, financial service institutions will have to report trading issues in their global outposts quickly. Before Sarbanes-Oxley, they sometimes waited months. The more decentralized the organization and the more global, the more difficult to establish real-time control and monitoring.

Peer companies first and foremost should perform a gap assessment comparing their capabilities with those of world-class organizations. Second, they need to standardize their processes across all business locations. Third, they need to reduce the number of locations where they perform transactional accounting activities through use of shared services or centers of excellence or through outsourcing to third parties. Fourth, they should examine ways to better leverage existing technologies through an assessment of those technologies against best practices and either moving to common applications or a common repository of financial results. Seventy-five percent of world-class organizations have central data repositories for management reporting versus 40% for peer companies. This is significant because it allows world-class organizations to close their books and respond to requests for information much quicker.

These 3 Questions originally appeared in a weekly report from IT Business Edge.

Dig Deeper on Financial reporting and compliance data management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.