Under a rule passed yesterday by the US Securities and Exchange Commission, large publicly held companies will...
have until mid-2004 to meet the financial reporting and certification requirements of the Sarbanes-Oxley Act of 2002.
As part of the ruling, which requires publicly traded companies to document their internal accounting controls, most publicly held companies must begin the new practices by 15 June 15 2004, nearly a nine months after the first deadline proposed by the SEC last October.
Smaller US firms and foreign firms will have to comply for their financial years ending on or after 15 April 2005.
The latest rules are aimed at making it tougher for executives to commit fraud by requiring them to use extensive financial reporting controls.
To date, a handful of technology companies have developed systems to help companies meet certain aspects of compliance. These include suppliers offering reporting tools, ERP companies providing control software, and document management companies, said AMR Research analyst John Hagerty.
One firm, nthOrbit, a San Jose-based supply chain management software vendor, yesterday introduced a product called Certus aimed at helping companies develop the processes needed for compliance. It uses a framework-driven approach that no other technology company has yet taken, claimed Hagerty.
The company "has taken a different tack of trying to address the processes needed to reach compliance, not the features and functions" that other suppliers such as Hyperion Solutions have addressed by making the reporting process more structured said Hagerty.
Although the SEC's decision to extend the Sarbanes-Oxley deadline gave public companies a little more breathing room, Hagerty admitted he was concerned that some companies could also use the extension to delay work needed to reach compliance.
"There's a tremendous amount of confusion" among IT managers and other business executives about what they need to do to help their organisations comply, he said.
Hagerty added that software such as Certus can help companies comply, but said no technology would guarantee compliance.
Thomas Hoffman writes for Computerworld