Deadline for Sarbanes-Oxley compliance extended

Computerworld - Under a new rule passed yesterday by the U.S. Securities and Exchange Commission, large publicly held companies will have until mid-2004 to meet the financial reporting and certification requirements of the Sarbanes-Oxley Act of 2002.
As part of the ruling, which requires publicly traded companies to document their internal accounting controls, most publicly held companies must begin the new practices by June 15, 2004, nearly a nine-month extension from the first deadline proposed by the SEC last October.
Smaller U.S. firms and foreign firms will have to comply for their fiscal years ending on or after April 15, 2005.
The new rules are aimed at making it tougher for executives to commit fraud by requiring them to use extensive financial reporting controls.
To date, a handful of technology companies have developed systems to help companies meet certain aspects of compliance. These include vendors that offer reporting tools, ERP companies that provide control software, and document management companies, said John Hagerty, an analyst at AMR Research Inc. in Boston.
One firm, nthOrbit, a San Jose-based supply chain management software vendor, yesterday introduced a product called Certus that's aimed at helping companies develop the processes needed for compliance. It uses a framework-driven approach that no other technology company has yet taken, claimed Hagerty.
The company "has taken a different tack of trying to address the processes needed to reach compliance, not the features and functions" that other vendors such as Hyperion Solutions Inc. have addressed "by making the reporting process more structured," said Hagerty (see story).
Certus is priced at $100,000 to $500,000, based on customer revenue, said Deidre Paknad, nthOrbit's vice president of marketing and business development.
This week, Oracle Corp. is expected to formally announce a new set of software called Internal Controls Manager that's supposed to help companies manage their internal financial controls more effectively, said Hagerty.
Although the SEC's decision to extend the Sarbanes-Oxley deadline for public companies does give them "a bit more breathing room," Hagerty said he's concerned that some companies could also use the extension to delay work needed to reach compliance. "There's a tremendous amount of confusion" among IT managers and other business executives about what they need to do to help their organizations meet Sarbanes-Oxley compliance, he said.
Hagerty added that software such as Certus can help companies comply with Sarbanes-Oxley, "but no technology is going to guarantee compliance."