Treasury staffs' to-do lists are growing as they work to comply with Sarbanes-Oxley. The benefit down the road might be an enhanced role for treasurers within their organization.

Like most of his peers, Terry Endsley, vice president and treasurer of Navistar International Corp., has put in many long hours over the past 12 months working to ensure that his company fully complies with the mandates of the Sarbanes-Oxley Act. Warrenville, Ill.-based Navistar, a holding company for commercial truck and diesel engine producer International Truck and Engine Corp., had effective controls in place long before the law was enacted, but the task of documenting those procedures has taken on a life of its own.

For example, Endsley estimates that Navistar's 25 treasury employees have spent a total of 1,000 hours learning to use new documentation software and working with internal auditors to ensure that the company's control procedures result in financial statements that accurately reflect its performance. It's a complex, ongoing process. "We are all going through a period of documentation and systemization that's going to be painful," reports Endsley.

For most organizations, a large part of the compliance pain is its cost. Data from The Hackett Group's 2004 Book of Numbers suggests that finance departments' increased spending on compliance activities is offsetting cost savings elsewhere within the function. While the cost of operating a finance department fell each year between 1992 and 2003, the declines have leveled off in recent years. Companies spent an average of 1.08 percent of their annual revenue on finance in 2004, down only slightly from 1.2 percent in 2000. One reason: Finance departments' annual compliance spending rose from 0.065 percent of overall revenue in 2000 to 0.09 percent in 2004.

Many treasury executives discern a silver lining in the Sarbanes-Oxley cloud, however. Down the road, they expect to leverage their compliance experience and expertise to expand their role within the organization.

These treasurers view Sarbanes-Oxley's impact on their department as a two-phase shift, according to Tom Morrison, vice president of product management with New York City-based information and technology applications provider Thomson Financial. For now, they are focusing on meeting the law's documentation requirements. "There's the short-term practicality of getting it done," he points out. However, as they bring that phase of their function's compliance effort under control, treasurers can start to take on a more proactive role within their company, he says.

Documentation Deluge

Sarbanes-Oxley's Section 404 is largely responsible for the laborious documentation work most treasurers are all too familiar with. This section requires management to make an annual assessment of the company's internal controls, notes Neil Falis, a partner with Atlanta-based law firm Kilpatrick Stockton LLP. Section 404 also requires that outside auditors report on that assessment.

If they haven't already done so, treasury staffs need to document the internal controls that govern almost every aspect of their work -- executing trades, consolidating cash, wiring payments and investing excess funds, for example.

Even for organizations, like Navistar, that have robust controls in place, documenting those procedures is an arduous task. Lyle J. Katz, vice president of capital markets with $26.6 billion global media colossus Viacom Inc. in New York City, reports that even routine reviews of his colleagues' work must be documented. "We used to do a lot of checking and double-checking, but it was more informal," he says. "Now I have to send an e-mail that says I checked it."

The fact that Section 404 does not specify the type or amount of documentation that companies must produce greatly increases treasury's compliance workload. "When do you stop doing Sarbanes-Oxley? There is no answer, so everyone overdocuments," says Jeffrey Wallace, a Naperville, Ill.-based partner with consulting firm Treasury Alliance Group LLC. Treasurers are keen to ensure that it won't be their department that drops the compliance ball and causes the external auditors to refuse to certify the company's financial statements, he notes, so they are double- and triple-checking their compliance work to ensure that documentation problems don't come back to haunt them.

Technology can be a tremendous aid for companies struggling to navigate Sarbanes-Oxley's documentation requirements, according to Thomas M. Degnan, vice president of treasury operations with Charter Communications Inc., a St. Louis-based broadband services provider with $4.8 billion in annual revenue. His department's compliance drive leveraged a treasury application from Dallas-based Trintech Inc. "We stayed pretty close to the cutting edge," Degnan observes, "so we were the first department [within Charter Communications] to get Sarbanes-Oxley done."

Degnan's department implemented the Trintech software back in 2000 and 2001, in part to streamline its processes after the company completed a series of acquisitions. At that time Charter Communications was using 23 banks in 27 locations and processing payments from about 6 million subscribers each month.

The new system enabled the company to slash its roster of banking partners to two institutions in five locations. The software automatically retrieves bank statements and account files from those providers and feeds the data into Charter Communications' accounting system. It also provides daily bank reconciliation. Before the company implemented the treasury application, it had used Microsoft's Excel spreadsheet software to manage its bank reconciliation processes, Degnan reports.

While spreadsheets are a valuable tool for ad hoc reporting, they lack the controls companies need to ensure the integrity of their critical financial reporting processes. Any number of employees can access a spreadsheet application, and this tool doesn't provide an audit trail that would enable managers to track new entries or changes and identify the person who made them, notes Mason Gilliland, industry practice manager with Trintech. Many treasury organizations that historically have relied on spreadsheets to manage their operations are switching to treasury management software packages that incorporate controls.

As they have reviewed, flow-charted and documented their control procedures, even the most tightly run organizations have found some processes that could use a bit of strengthening. That's true of Regis Corp., a Minneapolis-based operator and franchisor of hair salons, beauty schools and hair loss centers. The company's compliance effort "made people scrutinize things harder and ask where the risks lie," says Kyle Didier, vice president of finance.

For instance, access controls for the company's Sungard treasury system had loosened over time. "We looked at the system and made sure that only people who truly need access have it," Didier reports. Regis changed some employees' access status from "view and change data" to "view only."

Risky Business

Sarbanes-Oxley's Section 302 also significantly impacts treasurers. It requires corporate officers to certify that their financial reports do not contain any untrue statement of a material fact and do not omit any material facts.

That mandate means that corporate officers cannot omit mention of material risks their organization faces, according to Gary Bierc, president and CEO of The Kingson Group Ltd., a risk management consulting firm based in Pasadena, Md. In this context, the term "risk" takes on a broader meaning than it usually carries, he adds. It covers "anything that could negatively or positively impact the success of the company," including relatively remote contingencies such as the possibility that much of the company's sales force might quit, resulting in a sharp drop in its customer base.

The task of identifying and assess-ing significant threats to a company's performance might appear to be never-ending, since the list of such exposures is potentially infinite. Where does a treasurer draw the line?

Compliance-savvy treasuries are turning to enterprise risk management (ERM) to gain a holistic view of their organization's risk profile. It's a comprehensive approach that goes well beyond traditional risk management strategies such as purchasing insurance to guard against catastrophes and using hedging instruments to offset exposure to fluctuations in foreign exchange rates, notes Carolyn Brancato, director of the global corporate governance research center for The Conference Board Inc., the New York City-based business information provider. ERM can help corporate management -- including the treasurer -- to identify risks that threaten the value-generating areas of the company.

Brancato suggests that organizations draw up what she calls a "heat map," a report detailing risks that, if realized, would negatively affect earnings. The report should estimate each risk's probability. And it should consider both financial and nonfinancial threats because the two eventually converge. For example, quality problems don't initially impact an organization's income statement. Left unattended, however, they can decimate revenue.

The benefits of this approach extend far beyond compliance. "The most valuable thing about the exercise is that it gets everyone to focus on drivers of success and the vulnerabilities to success," Brancato says. Companies that have considered a variety of scenarios can more easily respond to challenges as they arise.

Treasury is the corporate function that's best-positioned to drive the assessment and analysis of enterprise risk that corporations will need to undertake in order to ensure compliance, according to Bierc. Says Brancato: "The treasurer has a unique role in pulling together information on managing the risk in a company." She adds that treasurers "play a vital role in quantifying risk."

Bruce Lynn agrees. He's managing director of The Financial Executives Consulting Group LLC, a management advisory and financial placement firm headquartered in Darien, Conn. Treasurers "are on the front lines when it comes to monitoring a company's exposure to market or credit risks," he points out.

A Career Boost?

While it's too early to determine Sarbanes-Oxley's long-term impact, some treasurers say they've already noticed a gain in influence. For starters, the legislation has helped managers outside the treasury function understand the significance of the issues treasurers routinely raise in discussions of corporate strategy. "In the past, when we talked about where the risks lie there was a tendency [for some colleagues] to think that we were overreacting," says Regis' Didier. "Now people realize that even smaller things can become very large."

In addition, business units are seeking treasury's advice earlier in their decision-making processes, Thomson's Morrison reports. Before the passage of Sarbanes-Oxley, business units looking to finance a new project would sometimes complete their ROI analysis before calling on treasury's expertise. But now they are turning to treasury earlier in the process to ensure that their financial assumptions -- for example, the likely cost of obtaining a loan -- are reasonable.

At the same time, Kilpatrick Stockton's Falis warns against overestimating Sarbanes-Oxley's impact on treasury. "The treasury function is more important than it was three years ago, but that's the case with most other areas [within finance] as well," he points out.

While Sarbanes-Oxley may not provide an automatic career boost for treasurers, it has certainly increased their visibility within the finance department. Treasurers can leverage that enhanced profile to improve their organizations' performance -- and to ensure that the gain is accurately reflected in its financial reports.