Public companies now have until November to comply with Sarbanes-Oxley provisions requiring that they document their internal financial controls. CIOs can thank Microsoft.
In March, the SEC extended for the second time the deadline for compliance with Section 404, so far the most expensive and IT-intensive part of law. The decision was in response to a January letter drafted by Microsoft and signed by its CFO, along with the CFOs of Cardinal Health, Costco, Procter & Gamble and the WD-40 company. The group argued that the existing June deadline didn’t allow enough time to react to anticipated rules defining how auditors should evaluate companies’ internal financial controls. Three of the five companies, including Microsoft, have fiscal years that end in June. The others’ fiscal years end in August.
The five companies argued that they need more time to test their systems and financial-reporting processes against the new standard, which was eventually issued by the Public Company Accounting Oversight Board on March 9. Says Steve David, CIO of P&G: “We don’t want to spend extra money to prepare for something that won’t be audited, and not prepare for things that will.”
It’s no coincidence that the CIOs at the five companies are involved with Sarbox compliance. But Richard Roth, chief research officer with the Hackett Group, says lots of CIOs are still out of the loop. Now, they will have more time to get involved.