Compliance Everlasting

To achieve ongoing compliance with Sarbanes-Oxley's Section 404, companies must be able to adjust their internal controls documentation.

Why is James Groberg, senior vice president and CFO of Volt Information Sciences Inc., concerned about Sarbanes-Oxley? For the past two decades, Groberg has instilled a conservative approach to accounting and an emphasis on internal controls into the $1.6 billion staffing and telecommunications services company. Volt's documentation of internal controls is complete. Testing of those controls is well under way. And, best of all, the company has until October 2005 to ensure that its Section 404 compliance is airtight.

Groberg's concern stems less from the stringent requirements of the legislation than from his acute awareness of the fluid nature of business. "Even if your documentation and testing are as thorough and complete as possible," he says, "your database of internal controls is only appropriate at a given moment."

In other words, things change. And some changes -- particularly acquisitions and major software implementations -- affect compliance. Most executive teams are anxious about meeting the first round of Section 404 deadlines. But managers in organizations with top-notch controls are worried about sustaining compliance beyond those dates.

Finance executives can ease these anxieties somewhat by establishing long-term compliance management teams, educating their workforce on the importance of internal controls, seeking input from external auditors before their first Section 404 attestation, and using software to reduce the burden of documentation.