Contact | Sitemap | CGOC

Solutions Customers Partners CGOC Resources News & Events Company Support Atlas Suite Atlas LCC for Litigation Atlas ERM for Retention Map of Data Sources Solution Partners Expert Ecosystems Become a Partner News Speaking Engagements CGOC Events Press Releases For the Press Overview Leadership Board Investors Contact Us Careers

Home

Custom Compliance

PSS Systems' Deidre Paknad talks about the challenges of implementing Sarbanes-Oxley regulations.

March 19, 2004 (Silicon Valley Biz Ink) -- The Sarbanes-Oxley Act was signed in 2002, sending a shockwave through the corporate world. The message was that the government was serious about cracking down on shoddy corporate governance at a time when scandals eroded investor confidence and executives could be seen doing the "perp walk" on the 10 o'clock news.

Increased government regulation has left companies scrambling to meet compliance deadlines. At the forefront of those efforts is Palo Alto based PSS Systems Inc., which provides software that is used to manage documents and records. PSS Systems also recently launched an independent forum called the Compliance, Governance, & Oversight Council, designed to provide expert insight as well as advice to corporate executives responsible for their company's governance practices. Deidre Paknad, president and CEO of PSS Systems, talked with Biz Ink reporter Thomas Zizzo about compliance issues related to Sarbanes-Oxley.

The deadlines for section 404 of the Sarbanes-Oxley Act dealing with certain internal controls were pushed back. Is this a sign that companies are having a hard time with compliance?

I don't think it means that companies are having a hard time necessarily. I think it's a very difficult task, a substantive one as oppose to a superficial one. I think it means people left the gate late. I also think the fact that the Public Company Accounting Oversight Board hasn't yet agreed upon the standards for internal controls makes it very difficult for an auditor to render an opinion; that gap needs to be bridged so the auditor knows what they're looking for.

E-mail and instant messaging have changed the way companies and people communicate with each other, but have the technologies created too many internal records to maintain and track, thus slowing down compliance efforts?

It doesn't hinder compliance efforts, but it changes the landscape. E-mail is a delivery system. It's used to deliver short sentences to long paragraphs. It's also used to deliver documents, presentations, reports and so on. You need to be able to comply in a digital environment and not just a paper environment. I'm finding a lot of companies' systems and methods include record keeping [techniques that] are now fundamentally altered; that [method of] paper record keeping doesn't work.

Ninety-five percent of [records] are not e-mail necessarily, but 95 percent are certainly electronic; they're electronically authored, they're electronically distributed and they're electronically stored.

How much is compliance costing?

That's a tough question; there's so many variables involved. For example, what condition were the controls in the first place? There are two components to compliance costs: the things we are required to do and the things that would be prudent to do. When you've got companies that are facing a great deal of scrutiny, they ask themselves, "How responsive are we to the government's inquiry?" and "How expensive is it for us to be responsive?"

So when the government comes to a company and says, "We're doing an inquiry and investigation and we'd like you to produce all your records and documents for this period as it related to a particular transaction, deal, customer or whatever," they don't know where it is. It's on my hard drive and your hard drive and this file server; in fact it's in all three of those places. The electronic paper chaser is really, really expensive for companies right now. The estimates are a [25 cents per] digital page. So if you can't produce the right piece of information because somebody has deleted it and they should have known there would be an inquiry, it's 20 years in jail. It used to be a $10,000 fine, which everybody would tolerate, so 20 years in jail is pretty expensive.

The two sides of compliance right now are, "I need to do the minimum requirement, but I also need to be responsive to a regulatory inquiry." There's a whole lot of new regulatory inquiries associated with Sarbanes-Oxley, and the [legal] cost of that response is 10 times the cost of compliance or non-compliance.

How has Sarbanes-Oxley affected pre-IPO companies?

If they plan to go public sometime this year, they have a little bit longer to go [before compliance deadlines because they are still private]. It's really smart for a young company to follow internal controls, particularly around section 404 -- which are controls for the integrity of the processes and the record keeping of those processes as it relates to how companies produce their financial statements.

I think companies that are relatively fresh and young with discipline around cash flow have very little margin or fluff to have sloppy controls. When you're a young company I think building a business environment or putting the controls in place as you grow is in fact quite useful. For a 75-year old company with 45,000 employees across 26 divisions retrofitting controls is a much more difficult process.

You can reach Deidre Paknad at deidre.paknad@pss-systems.com and Thomas Zizzo at tzizzo@svbizink.com.