Already a Bloomberg.com user?
Sign in with the same account.
Ask any CEO: Section 404 of the Sarbanes-Oxley Act is the corporate equivalent of root canal. Big public companies spent thousands of hours and an average of $4.4 million apiece last year to make sure that someone was looking over the shoulder of key accounting personnel at every step of every business process, according to Financial Executives International (FEI). Designed to nip accounting problems in the bud before they blossom into fraud, Section 404 is a core provision of the 2002 corporate-reform law. The number of companies that disclosed serious chinks in their internal accounting controls jumped to 586 in the first four months of 2005, compared with 313 for all of 2004, according to Glass, Lewis & Co., a financial research firm. But that's a tiny fraction of all public companies, leaving most CEOs griping about an exercise that seems to be all pain, no gain.
Most CEOs -- but not all. A few companies are discovering, to their surprise, that taking stock of internal controls can help beyond just unmasking accounting problems. By forcing executives to dig deep into how their companies get work done, Section 404 is enabling businesses to cut costs and boost productivity. "There truly is a silver lining" in 404, says Gary Moran, managing director of Alvarez & Marsal Business Consulting LLC. His firm and CFO Research Services sponsored a report that discusses the unexpected benefits that 404 yielded at Cisco Systems, Genentech, and other companies."DIRTY LITTLE SECRET"
Of course, even the most onerous rules handed down from Washington hold some advantage for somebody. In the case of 404, the vast majority of companies still thinks it's overkill. In the FEI survey, 94% of top executives at the 217 public companies it polled said the costs of compliance far outstrip any gains.
But for some companies, 404 documentation is turning out to be a catalyst for computer-system upgrades and other efficiency moves that chief financial officers have long had on the back burner. "The dirty little secret is that many CFOs love 404" because it has given a boost to initiatives that had trouble getting traction, says William J. McDonough, chairman of the Public Company Accounting Oversight Board, the agency that turned Sarbanes-Oxley's language on Section 404 into specific directions for management and auditors.
Consider Pitney Bowes Inc. (). For years, the Stamford (Conn.) mailing-and-document technology company had been fitfully trying to create central offices for accounts receivable, billing, payroll, and seven other functions that its business units were doing on their own. Being forced to review its internal controls -- which cost Pitney Bowes $12 million last year -- turbocharged that move. The company found, for example, that its accounts-payable units may not have had enough staffers to ensure that one person isn't both entering a vendor's invoices on the books and also paying the vendor's bill, something that could open the door to fraud, says CFO Bruce P. Nolop. And documenting everything that, say, a payroll office does lets Pitney Bowes meld the various units without worrying that key knowhow will walk out the door when employees leave or are redeployed.
The early results are promising. Pitney Bowes expects to save more than $500,000 in 2005 by combining four accounts-receivable offices into one. Testing the strength of controls "is really an opportunity to drive change that we all know is necessary, but that's hard to accomplish otherwise," says Nolop.
Similarly, at Genentech Inc. (), simply being armed with detailed reports on financial controls "sped up by several months" installation of a new computer system that consolidates its financial data, says Elaine M. Yang, director of general audit. The new system lets managers at the South San Francisco biotech behemoth spend more time analyzing data -- such as how many orders came from one customer in the last 48 hours -- instead of just gathering it.
At other companies, the 404 exercise revealed soft spots in business management, says Mary Driscoll, president of CFO Research Services. Take Cisco Systems Inc., which spent $50 million and 240,000 hours on its first-year audit of internal controls. The mind-numbing effort revealed opportunities to streamline steps for ordering products and service, making it easier for customers to do business with Cisco. Section 404 "forced us to make sure that when a customer calls, sales and support are integrated," says Amy Kwan, senior director of finance.
Other companies are using the paperwork generated to describe their internal controls as job-training manuals. "Once you have the procedures documented, new staffers can sit down with them and get up to speed on their job by virtue of facts, not folklore," says Thomas M. White, senior vice-president and CFO at Hub Group Inc., a transportation-management company in Downers Grove, Ill.
Still, even finance executives who are leveraging their Section 404 work don't feel that they're getting a full bang for their buck. "There's no doubt that 404 goes too far," says Nolop of Pitney Bowes. "You end up documenting things for the sake of documenting them, even if your judgment says you've gone a bit overboard." Pitney Bowes's exhaustive review -- a task that involved testing 134 processes and more than 2,000 controls in 53 locations -- found no significant weaknesses.
Companies shouldn't have to dig as deeply into their pockets this year. After 2004's rollout, companies have laid much of the groundwork. The PCAOB, meanwhile, is exhorting management to focus on critical controls and not sweat the small stuff. Dennis M. Nally, chairman of accounting firm PricewaterhouseCoopers LLP, figures that public companies will spend 25% to 35% less to check internal controls in 2005. But outside auditor fees, which rose 55% for big companies last year, may not decline. Nolop expects that Pitney Bowes's total tab this year, including auditor's fees, will run to about $8 million, a third less than in 2004.
That's still steep, but it may be a small price to pay for safeguards against fraud. And if companies can use the information to make other aspects of their business more efficient, so much the better. By Amy Borrus