By Harris Collingwood

The right tools and attitude can turn compliance into a competitive advantage, via process change.

Now that most publicly held organizations have had two+ full years of experience implementing the provisions of the Sarbanes-Oxley Act, they're discovering opportunities to reduce not just the cost of compliance but the overall cost of operations as well. Indeed, experts say SOX can be a catalyst for change that leads to competitive advantage.

There's no inherent conflict between controlling compliance costs and leveraging SOX efforts to create enterprise value, argues Stephen Wagner, managing partner of Deloitte & Touche's U.S. Center for Corporate Governance. "The two activities are often complementary," he says, noting that many finance officers treat SOX as an opportunity to streamline processes, upgrade and standardize IT and accounting systems, and eliminate or significantly reduce manual operations.

At a recent conference in New York sponsored by CFO magazine, Wagner advised finance professionals to take a close look at their control systems as they search for cost savings and sustainable competitive advantage. "Many organizations," he warned in his presentation, "are spending only 20 percent of their compliance time on areas that are the source of 80 percent of their problems."

To avoid such misdirected efforts, Wagner urges companies to adopt the top-down risk-based approach recommended by federal regulators. "Following that guidance will likely reduce the number of operating unit controls they have to test and cut the time and resources devoted to compliance," he says. A recent survey by Deloitte & Touche found that SOX compliance costs plummeted when control testing was limited in the second year of SOX compliance (see table, Falling SOX Costs).

Microsoft Corp. has applied the regulators' advice to good effect in its payroll operations, says Marilee Byers, group manager of Microsoft's Financial Compliance Group. "We have eliminated many business-specific and location-specific control tests," she notes. "In their place we now test company-level payroll controls such as comparing actual performance versus the forecast in the budget."

Best Practices
When they rationalize their control structures, corporations reduce both the costs of compliance and the time and resources devoted to testing and control. "By building structure into the risk-ranking process," Wagner says, "corporations can replicate it throughout their organizations."

As a next step, corporations should "implement improvements even where it's not mandatory," he says. Rather than complain about SOX's cost and administrative burdens, Wagner adds, CFOs can serve themselves and their companies better if they "take the positive view. Identify where SOX applications can add value. By addressing opportunities for improvement, CFOs will build competitive advantage, reduce risk and increase shareholder value."

Many benefits will only be realized over the long term, Wagner concedes. But some improvements show up almost immediately. He cited the experience of a large global manufacturer-"a household name in households all over the world"-that undertook a rigorous process evaluation in its second year of SOX compliance.

"This company discovered that it had four different ways of billing the same customer, depending on the product line," Wagner told the conference. "This didn't just produce discrepancies and increase the risk of errors, it was costly and inefficient."

As this manufacturer learned, a systematic approach to SOX not only simplifies controls testing but can also:

• Reduce complexity;
  
  
• Improve the quality of its internal information; and
  
  
• Reduce the risk of a control scandal.

Add them all up, and the result is increased shareholder value.

SOX compliance also offers large enterprises an opportunity to identify internal best practices and standardize them throughout the enterprise. Microsoft, for example, recently reduced the number of accounting systems in use and standardized forms and procedures for the quarterly and fiscal year closing.

At the conference, Wagner described SOX as an opportunity to "connect strategic issues to remedial actions and improvement activities." The connection is forged through frequent communication, says Microsoft's Byers. The company, she notes, regularly convenes its far-flung finance professionals to talk shop and share their experiences, either in person or via teleconference. "It gives people a chance to talk about problems they've encountered and offer solutions," she says.

High-Level Leadership
Communication is perhaps the most visible sign of the leadership commitment that's essential to any effort to shape up with SOX. "If you're going to sustain compliance," Byers avers, "you need to set the proper tone at the top. Senior leadership needs to communicate the importance and benefits of strengthened controls, so that the organization doesn't lose momentum. It's appropriate to spend less effort on compliance in year two than year one, but the tone at the top has to be just as intensive."

Once the proper tone is set, the control and compliance office can challenge the organization's efficiency and effectiveness. Incentives are a valuable tool for gaining buy-in across the organization. "It's important to get employees to commit to compliance and reward them for it," Byers says. "People put a lot of effort into compliance, and they ought to be recognized." Typically, the reward for their efforts is a component in the determination of raises, bonuses and promotions, she adds.

"SOX is a lever," noted Wagner at the CFO conference. "It offers corporations an opportunity to connect strategic issues to the remedies and improvements required for full compliance." By reducing complexity, improving the quality of information and cutting the risk of a control scandal, large enterprises don't merely stay on the right side of SOX. They also learn to work smarter and deliver greater value to their shareholders.

Harris Collingwood is a freelance writer and editor in Cambridge, Mass. He is a former editor at the Harvard Business Review and BusinessWeek.