Sunday, February 20, 2005

Sox Compliance: automated corporations next?

US public companies are struggling to implement the 2002 Sarbanes Oxley Act which is designed to protect shareholders and improve company internal controls and responsibilities in the wake of the Enron, WorldCom and other corporate scandals and malfeasance that hallmarked the early 2000s.

On the surface, Sox compliance is about complying with requirements to store records of business activity for five years. Less ostensibly, Sox is about the significant ongoing process of turning abstract perceptions of strategy, risk, security and control into measurable definitive processes that can be tracked over time. Companies may spend up to 2% of revenues to become compliant in year one, and to stay compliant, are hiring additional finance officers and staff. Accounting and consulting firms are enjoying a boom of engagements to aid firms in meeting compliance deadlines. Maintaining compliance is a moving target, it means having a company's accounting, finance, IT systems and other internal controls and security keep pace with the dynamism of the business.

To some degree, Sox sounds wasteful, bureaucratic, artificial and innovation-stifling, and it is not clear that it will resolve and prevent corporate abuse. Are formerly competitive US companies becoming more like the regulation-burdened enterprises of Europe? However, when seen with a slightly different frame, Sox may actually be quite helpful. Companies are developing a layer of consistent practice across entities and industries. Corporate business execution is becoming more standard and streamlined, paving the way for systems, not people, to administer both compliance and general business functions in the future. Greater standardization and clarity also facilitates process improvement as a next step.

Since Sox is so recent a corporate phenomenon and standardized physical implementation tools are still being created and refined, primarily by accounting and consulting firms, appropriate software automation solutions are evolving slowly but will presumably play a significant future role. It will be wonderful to start having self-discovering, self-healing, self-securing, self-monitoring, and self-executing software running a lot of the routine human tasks that keep processes moving within corporations. Another added benefit of the Sox compliance process is that humans are getting better at specifying and defining and standardizing concepts and tools in more abstract realms like business strategy and corporate risk.