Despite an extension in the deadline from June 15, 2004 to November 15, 2004, half of large U.S. companies polled are still less than 60 percent complete in meeting their Sarbanes-Oxley (SOX) Section 404 filing requirements, according to a survey conducted by ACL Services Ltd. and the Center for Continuous Auditing (CCA).
The poll of 248 senior audit professionals at corporations with more than $1 billion in revenues reports considerable challenges meeting SOX Section 404 filing requirements. In addition, the survey found that 67 percent of companies have no annual budget allocated to maintain Section 404 compliance after the initial filing requirement.
The Section 404 deadline is the first in a series of deadlines within the Sarbanes-Oxley Act, and requires that corporate management teams assess the effectiveness of internal controls. Punishment for false statements by senior management will include fines and jail time.
The ACL Services-CCA Survey reveals that one quarter of the respondents are only mildly confident or not confident at all in their company's ability to maintain Section 404 compliance after the first filing deadline.
"The results of this survey reflect the concerns we have been hearing from the audit community," says Harald Will, President and CEO of ACL Services, the leading provider of business assurance analytics technology for audit and controls professionals. "They clearly demonstrate that many companies still maintain a short-term mindset when addressing the ongoing requirements set forth in Sarbanes-Oxley, despite a recognition of the benefits of ongoing and continuous monitoring of internal controls. Meeting these regulatory requirements is the new reality, but the running of a better business over the long-term should be the objective. This survey indicates that many companies still must recalibrate their thinking."
As companies determine how best to maintain ongoing compliance with Section 404, they are looking more aggressively towards technology to minimize compliance costs. Of the companies that have already begun using technology to perform continuous monitoring of their internal controls, 25 percent indicate that this continuous monitoring activity is directly related to Section 404 compliance. Ninety-three percent of those surveyed stated that continuous auditing and monitoring is either important or very important for an effective SOX 404 compliance strategy.
The Honorable David M. Walker, Comptroller General of the United States and Chair of the CCA Advisory Board is a long-time advocate of continuous auditing. "The value of continuously monitoring and auditing controls has been discussed and experimented with for a considerable time but two factors are now helping it to become standard practice. Specifically, enhanced computer technologies and the impact of legislative changes such as the Sarbanes-Oxley Act, are serving to facilitate and accelerate the use of continuous auditing approaches," says Walker. "This survey further confirms that certain technology solutions, which include some level of continuous processes, can help management meet its responsibility in reporting on Section 404."
"In the absence of a continuous monitoring process, organizations may be further exposed to fraud, error and abuse - representing a significant cost as well as profit erosion through revenue leakage," says J. Don Warren Jr., Director of the CCA. "The role of the auditor-both internal and external-is integral to ensuring these processes adequately address the internal control reporting requirements of the Sarbanes-Oxley Act."