The triple whammy of Sarbannes-Oxley, International Accounting Standards and Basel II will have a major impact on the applications landscape - perhaps forever. So far, weve seen precious little from vendors but the reality is that compliance, in all its guises, has a much greater impact on IT than people might think.
In essence, the numbers that drive the business will need to be supported by a far greater range of information than has heretofore been the case. In the past, CEOs signed off on publicly distributed information based on what they have been told by the combination of finance chiefs and auditors. That is no longer enough.
The Sarbanes-Oxley Act in the US imposes a far greater degree of accountability at board level than previously existed. Section 404 of the Act mandates that companies attest to the adequacy and efficiency of their internal controls and processes. What has that got to do with IT? Well, both Microsoft and Oracle think its important enough for them to address the issue head on with the introduction of new products.
And dont run away with the idea that Sarbanes-Oxley is a US-only phenomenon. Recent research reported by BASDA, the UK trade organisation for business software vendors indicates that this has climbed the agenda with 30 percent of finance chiefs wanting to know more about its impact.
Microsoft's Office Solution Accelerator, which is based on Microsoft Office is integrated with Microsoft Windows Server 2003, Windows SharePoint Services, Office InfoPath 2003 and SQL Server 2000. It seeks to address the need for controlling, monitoring and testing internal documentation used in support of the numbers. Microsoft says this free downloadable add-on includes sample code, templates and other customisable functions. Microsoft also claims to address Section 302, which requires C level executives to certify their company's reported results.
The Accelerator enables companies to define document types and their properties. Such documents might cover risk, processes and control. Partners can use XML to capture and report document properties, store reference material in a shared document repository. These can in turn be used to capture and report document modifications. The software also provides an audit trail of changes a key element when explaining business processes and how these are modelled.
The kicker is that customers need the latest versions of Windows Server and InfoPath so you dont get a totally free ride.
Oracle on the other hand wants money for Oracle's version 2.0 of Internal Controls Manager. At $30 per company employee, this can quickly add up to a hefty charge. However, customers can expect some discounting for volume licensing. The product claims to provide a higher degree of control around business processes, documentation and risk. In addition, its financial applications have been beefed up so that customers can upload industry specific risk libraries developed by the worlds major auditing companies. These can then be mapped to internal controls
The new raft of International Accounting Standards (IAS) will change many classes of application. Without delving into the specifics, there are major changes in the way information is reported. And although the scheduled start is 1 January, 2005 the reality is that companies need to have projects underway now in order to get the comparative data for 2004 in place.
A couple of examples indicate the forthcoming changes. Companies must now segment their results across two dimensions. First is geographic, the second by economic business unit. In Microsofts case, this second measure might be server, personal productivity, consumer and tools. From an IT perspective, this means taking a close look at general ledger coding structures and then determining the required changes to not only get at the sales figures but the profits associated with each unit. Where a unified database system is used as the basis for accounting, this should not be onerous but many systems dont take this approach. Companies may well be faced with adding in specific functionality in order to capture the required data. But it doesnt stop there.
Companies will be required with certain exceptions - to conduct impairment tests to all assets. The data that informs these tests will come from a variety of systems but the current thinking is that there will need to be a marriage between traditional finance and document management (DM) systems. This is because there will be a requirement to show an auditable trail of documents and the processes that support those decisions. This has clear workflow implications but at present no-one is taking a real lead in joining up the applications dots although business intelligence specialists Hyperion claim to have a project on the drawing board that will meet these needs.
The logical place for project is through a melding of business intelligence applications to DM but there will be a need to understand process control in the financial applications themselves. Much of this work will be undertaken by consultants but IT will almost certainly see an increase in data volumes and the speed at which those data flows pass through the IT applications infrastructure. In the meantime, solving these issues will require a kludge or two.
Finally we have the spectre of Basel II. This is aimed towards the financial services industry but in essence Basel II imposes discipline that will need to be evidenced through the application of best practice in risk management. It is thought that significant numbers of financial organisations may find it difficult to demonstrate best practice. Given that financial services are a key part of the UK economy with all companies that have international dealings relying on the City, this is hardly a minority sport.
Their systems tend to grow organically and through systems integration work following merger and acquisition activities. This leads to data integrity issues, missing data, lack of audit trails, problems with archiving and retention, ambiguous data definition and the misalignment of system processes with business processes. This is a set of problems that companies like TIBCO and IntegraSP are seeking to address through the mixture of business integration, event and process control combined with industry specific functionality. It is expected that the final agreement on what will be included in Basel II will be conclude by the summer of this year with implementation by year-end 2006. Given the likely scale of the attendant IT projects, financial organisations will need to get their thinking caps on pretty soon if theyre to meet the deadlines.