Perspectives

Case Study

Sarbanes-Oxley Regulation:
More than Just Compliance

Industry & Client Situation 

A large investor-owned public utility was in the midst of going through necessary process changes to increase visibility and financial predictability throughout the organization as part of the Sarbanes-Oxley (SOX) regulation. The company, with assistance from their public accounting firm, identified multiple “control gaps” – areas in which there is limited visibility to reasonably assure stated goals and objectives can be attained. Several control gaps were tagged as a high priority indicating the severity of the gap as well as the urgency in having it remediated. Deadlines were fast approaching with several high priority remediation activities stalled to the point where their public accountants may have questions in signing off their financial statements.

In addition, given the SOX federal mandate and the highly publicized breakdown in controls leading to several corporate scandals, SOX compliance was a top priority of the entire organization having sponsorship from both the CEO and COO with the corporate Treasurer leading the overall initiative.

Approach 

With the assistance of Bridge Strategy Group, a cross functional team was formed and specific work plans developed for each of the high priority areas needing the most attention–most of which were in the Billing and/or Credit & Collections departments.

A four-phased approach was used across all areas: 1) Understand the control gap, 2) Generate potential solution options, 3) Develop remediation plans, 4) Implement and monitor remediation.

Understanding the gap involved two primary activities – understanding the purpose of the process and mapping the current process showing all critical activities and touch points with the different constituencies (e.g., other departments, customers, suppliers, partners, etc). Understanding the purpose was crucial as the main objective of this effort was to comply to SOX regulations as well as improve the process to most effectively accomplish its purpose. In understanding the gap, additional items that needed improvement were identified and scope re-defined as appropriate.

Generating solution options was a highly collaborative effort in which all process touch point areas took part allowing for more comprehensive solution options to be generated. Each option was reviewed to assess implications within the different departments and ranked based on a set of criteria such as process/information visibility and control, process efficiency, ability to meet and exceed “customer” (external and internal) requirements and cost to implement. Recommendations were then finalized with decisions made by departmental and SOX compliance executives.

Remediation plans were also made in a collaborative fashion as implementation would effect and involve multiple departments. Plans included detailed implementation steps, timing, roles/responsibilities and communications activities. Several remedies were simple process changes and immediately implemented. Others were more complex needing additional resources to implement (e.g., IT) with short term enhancements implemented so that the process would be in “control” while a more permanent solution was being developed. After all implementation activities, processes were monitored across the different departments and modified as needed to best meet the needs of each area.

Results 

A total of 15 control gaps were remediated either on time or ahead of schedule (within 6 months) – all of which were high priorities and very complex involving multiple departments and constituencies. During the remediation process, several additional improvement opportunities were identified and implemented that went above and beyond SOX compliance. Examples of these include the development of a corporate-wide Credit Policy and Refund Policy and implementation of process enhancements that increased controls and efficiency of making accounting adjustments in financial systems.

For this public utility, complying to the SOX regulation went well beyond compliance with federal regulations, it provided an opportunity to make lasting financial and operational gains in the form of increased efficiencies, lower risks and greater process flexibility throughout the organization.