The Sarbanes-Oxley (SOX) – Implications for Business and Technology
Dallas, Texas
June 16, 2004

© 2004 BearingPoint, Inc.

SOX Panelists

- Kapila K. Anand, National Industry Director, Real Estate & Hospitality Advisory Services, KPMG LLP
- Richard Barrett-Cuetara, Esq., Cowles & Thompson, P.C., Hospitality and Lodging
- Emily Calloway, Director, Corporate Accounting, Starwood Hotels & Resorts, Inc.
- Monica Huber, Senior Manager, World Class Finance, Enterprise Solutions, BearingPoint

SOX – What is it? What’s new?

How SOX came to be...

The Spirit of the Sarbanes-Oxley Act

What are the driving forces behind SOX?
- Restoring investor trust and confidence in the public markets
- Increase the integrity of data reported to the public
- Address perceived inequities arising from corporate and accounting scandals

What has recently changed?

The SEC issued final rules in June 2003 for Section 404 and in March 2004 for Section 409, which included the following amendments and modifications:

Section 404 – Management Assessment of Internal Controls
- Changes the effective date from fiscal years ending on or after September 15, 2003 to June 15, 2004
- Modifies definition of internal control
- Requires companies to provide a statement identifying the framework used by management to evaluate the effectiveness of internal control over financial reporting
- Provides that management is precluded from determining that a company’s internal control over financial reporting is effective if one or more material weaknesses in such controls is identified
- Provides that companies are not required to perform quarterly evaluations of internal controls over financial reporting that are as extensive as the annual reviews
- Requires that companies evaluate any changes in internal controls over financial reporting that could have a material impact over such controls
- Provides that evaluation of disclosure controls is still required on a quarterly basis but the date of such evaluation is set at the end of the fiscal period rather than within 90 days of the report
- Provides high level guidance on the level of this required quarterly evaluation

Section 409 – Real Time Disclosure
- Expanding the number of events that are reportable on Form 8-K (add eight new items to the form, transfer two items from the periodic reports and expand disclosures under two existing Form 8-K items)
- Shortened the Form 8-K filing deadline for most items to four business days after the occurrence of an event

The next big SOX topic will be Section 409: Real-Time Disclosures

What: Real-time reporting of material events that could affect a company’s financial performance.
When: August 23, 2004

The Need
- Real-time analytics over batch systems
- Ability to report on a wide range of events within 4 business days (revised 3/25/2004)
- Real-time notification and event driven alerts
- Major deep integration of information assets

Triggering Event Examples
- Loss of major client (bundled service purchaser or significant component of product portfolio)
- Increased exposure to “in trouble” industry (significant portion of portfolio)
- Impact of external party changes (e.g., regulators, auditors)
- Write-offs of significant number of loans or portfolios
- Cost over-runs on IT or other major capital project

Implication
Sarbanes-Oxley reaches well beyond just documenting and testing controls and processes. SOX will require material changes to most companies’ financial systems architectures.

The SOX Investment: Where is the Money Going?

Excerpts from Wall Street Journal Article (Companies Complain About Cost Of Corporate-Governance Rules, 2/10/2004)

To comply with section 404 public companies are spending large dollars:
- A survey of 321 companies … shows that businesses with more than $5 billion in revenue expect to spend an average of $4.7 million each implementing the new 404 rule this year, according to FEI, which represents top corporate officials.
- Even before the most expensive Sarbanes-Oxley rules take effect, companies say their audit costs are increasing by as much as 30% or more this year
- Companies also are paying steep fees to fund a new accounting-oversight board -- as much as $2 million apiece annually for some large businesses
- “We are seeing a significant drain,” says Bill Kiernan, Magma's controller. “We would not be doing this level of documentation or going through this extensive an exercise were it not for Sarbanes-Oxley.”
- Magma Design Automation Inc., a chip designer in Santa Clara, Calif., which has seen its legal and accounting bills soar.
- Last quarter, Magma blamed the new rules in shaving a penny off its earnings-per-share -- reporting nine cents instead of 10 cents. The company, which posted $75 million in revenue for fiscal 2003, saw its legal fees jump 105% in the first quarter of 2004.

Two approaches have emerged in the marketplace

Protectionists

Most companies are focused on simply complying with the act in order to “check the box”. The people they are hiring to assist them in these efforts reflect this focus.

Most of the current (section 404) SOX work is being handled by:
- Audit Firms - Attestation & Testing, Controls Documentation
- Temporary Resource Companies - Controls Documentation

Characteristics of this approach
- Majority (>80%) approach
- Achieved 302 compliance
- Focused assessment for 404 compliance
- Targeted remediation
- Targeted use of technology (e.g., auditor tools for self assessment)
- Few functional disciplines involved (e.g., Finance, Legal, Audit)

Transformers

Some companies are recognizing this as an opportunity to transform their organizations and processes into world class operations to support real time reporting and disclosure.

These companies are hiring a mixture of:
- Audit Firms – Attestation & Testing
- Consulting Firms – Documentation Support, Systems Integration, Finance Process Improvement
- Software Vendors – Systems Installation, Support

Characteristics of this approach
- Recognize opportunity to make real change in Finance
- Targeted activities aligned with SOX timeline (302, 404, 409, etc.), multi phase approach
- Extend remediation activity to include document management
- Expanded use of technology as part of overall program
- Multi discipline effort

SOX touches the whole organization and often involves external parties

The Sarbanes-Oxley compliance project engages the whole organization, from the Boardroom to the front-line.

(FEI Survey 2/2004)
- Companies expect to document an average of 79% of their processes and expect external auditors will test an average of 57% of those processes.
- These companies expected a mean of 12,265.4 internal people hours needed to comply with Section 404/Management Report on Internal Controls
- In addition, these companies expected 3,059.1 external hours (EXCLUDING auditor’s fee for attestation) needed to comply with Section 404/Management Report on Internal Controls

[Diagram labels: Governance; Policies & Procedures; Financial Reporting Process; Internal Controls; Financial Systems]

Internal Organizations
- Finance
- Legal
- HR
- IT
- Sales
- Marketing
- Audit

External Organizations
- Board
- Audit
- Partners
- System Integrators
- Audit Committee

Most firms will be required to do this in-depth level of review. To miss the opportunity to positively affect the processes would be a large opportunity lost.

SOX – How does it affect me?

Discussion Questions
- OK, so SOX is a fact of life for all companies today. What are the issues facing companies regarding current compliance efforts, and what long-term impact will SOX have, if any?
- How does SOX specifically affect the hotel industry? Are compliance efforts more complicated in the distributed ownership environment?
- Is IT in denial regarding SOX compliance? What role do IT controls play in the SOX compliance efforts?
- Does SOX provide an opportunity for companies to drive forward to operational excellence on both the business & IT sides of the house? Or is it simply something that companies "have" to do, and is a tactical exercise in compliance?
- What role does awareness training and communication play in achieving SOX compliance?
- Does SOX provide a common framework for financial computing and reporting?
- Or is the act so broad that each company may implement it in its own way?
- What are the expected penalties for non-compliance?
- Are roles and responsibilities clearly defined in the IT area?
- How will SOX change the business of doing business?
- How are companies planning to leverage their ERP systems to achieve SOX compliance? How are they tying their compliance tool into the rest of their financial infrastructure?
- If you have invested in compliance tools to achieve short-term compliance (e.g., 302 & 404), will these tools be viable for longer-term compliance efforts?
- Is ROI part of your SOX compliance mandate? If so, do you understand how to calculate it?

Appendix

Maintaining an Ethical Work Environment

Audit Committee
- Members of the audit committee must be members of the Board of Directors, and they must be independent

Directors and Officers
- Acceleration of Section 16 reporting requirements
- Forfeiture of certain bonuses and profits
- Personal loan prohibited for any director or executive officer
- Improper influence on the conduct of audits

Disclosure Requirements
- Real-time company disclosure

Whistleblowers
- Protection of whistleblowers from discharge or discrimination in terms of employment

Criminal Fraud Accountability
- Destruction, alterations, or falsification of records in federal investigation and bankruptcy
- Pro forma figures contain true statements of material fact and adhere to GAAP
- Criminal penalties for defrauding shareholders

Quantifying the ROI from Process Improvements & Automation

Some Examples

Straight Hours Saved
- Quantified by: Duration of Original Task(s) – New duration of task(s)
  - Time Saved * Cost of FTE (~$200,000)
- How time is reallocated
  - Increased Analytical Time
  - Picking up new tasks that were previously not completed due to time constraints
- Reduced overtime travel and food expenses
  - Estimate these costs

Other Less Tangible Savings
- Employee Satisfaction
  - Recognition of management team listening to issues
  - Lead to reduced turnover
  - Higher level of motivation

Other Related Benefits
- Reduction in Operational Risk
- Reduction in possibility of human error
  - Time historically spent on activities related to reconciliations / pursuing issues
- Reduced Dependence on External Consultants and Temporary Employees
- Reduced costs through eliminating need for time consuming reconciliation

Sample of ROI

Through automation, significant costs were removed from employees' daily activities, freeing them up to focus on more value added activities.

| Time Savings | Totals | Cost / Month | Desc. of Cost |
| Hours Saved / Month for value add tasks | 152 | $6,080.00 | Hourly cost per $80,000/year employee |
| Hours of External Staff / Month on value add tasks | 43 | $5,375.00 | Hourly cost per external consultant * hours |
| Hours Saved / Month on reconciliation time | 900 | $36,000.00 | Historical monthly avg. time spent * affected users |
| Cost Savings / Month | | $47,455.00 | |
| Cost Savings / Year | | $569,460.00 | |

[Figure: Distribution of Staff Tasks, Prior to Process Improvement and Post Process Improvement; categories: Value Add, Overtime, Reconciliation, External Staff]

Sample ROI

Through improving the staff’s quality of work life, the group has realized a significant reduction in turnover and the associated cost savings.

Retention Savings

| Description of Benefit | Est. Value or Benefit / Year |
| Benefits of retraining employees who are knowledgeable about the organization for other positions | $3000 / employee |
| Productivity benefits of effective training | $9000 / employee |
| Benefits associated with maintaining employee motivation – willingness to work overtime, willingness to learn new job functions | $200 / employee |
| Cost of attrition related to hiring and on-boarding. Benefits associated with employee retention and turnover | 210,000 / employee |
| Benefits associated with removing employees with performance problems – improved customer satisfaction, improved employee satisfaction, improved management effectiveness | $200 / employee |
| Total Savings / * 3 Employees | $667,200 |

* Based on the assumption that an improved work environment results in 10% less attrition among the workers affected