Much to the relief of corporate officers, last month the SEC pushed back the deadline one year for compliance with Sarbanes-Oxley Section 404 (internal controls). Although one would expect that companies would respond by relaxing their efforts to beef up internal controls, apparently this has not been the case. Research firm AMR recently found that many companies are actually using the extra time to expand their efforts in strengthening internal controls. In terms of information technology, AMR found that Sarbanes-Oxley is giving urgency to three types of projects:
- ERP instance consolidation. Public companies that have different ERP systems across multiple business units are using Sarbanes-Oxley as a reason to migrate to a single system, making internal controls easier to standardize. AMR found that "Nearly 65% of public companies are strongly considering ERP instance consolidation as a remedy to process standardization."
- Better implementation of existing controls and processes. In many cases, ERP systems already have features and functions needed to strengthen internal controls--but they are not fully implemented. AMR found that "nearly 40% of companies surveyed will evaluate the existing features and functions of applications and platforms already in place and configure their systems to take advantage of this built-in and often-ignored functionality."
- Investments in Enterprise Performance Management (EPM). One hot class of applications in light of Sarbanes-Oxley is EPM--software that gathers and operating metrics across multiple operating units. AMR found that "slightly more than 32% of companies surveyed are considering EPM....Demand for better internal and external disclosure, and longer term requirement for near real-time reporting of material events to outside regulators."
The full article
is on AMR's web site.