Fewer than 20 per cent of Australian companies with US exposure have implemented the record retention policies necessary to comply with the Sarbanes-Oxley Act, according to Hummingbird business solutions director Alan Weintraub.
Penalties under the Act include a 20-year jail term and the legislation applies to all Australian subsidiaries of US companies.
Speaking at a roundtable in Sydney last week, Weintraub said record-retention requirements for foreign companies is covered under Section 802 of the Act which the US government introduced last year to legislate against corporate fraud and establish financial reporting and disclosure policies in the wake of the WorldCom and Enron scandals.
Companies must retain electronic records for seven years under the Act, which is already the minimum standard for Australian companies under local legislation.
Weintraub said section 404 of Sarbanes-Oxley requires auditors to certify that business processes supporting internal controls used for financial results are "accurate and honest". The implementation deadline is June 2004 for US-based companies and April 2005 for foreign issuers.
Nearly 900 IT executives surveyed by Meta Group in June identified section 404 as the most critical part of the Act and another poll of 100 companies last month found 90 per cent engaged in Sarbanes-Oxley projects.
Due to the global scale of compliance, Meta Group analyst John Van Decker said Sarbanes-Oxley is a means of improving business efficiency and lets CIOs deploy applications that provide visibility, transparency and fraud protection.
Director of business mentoring firm the Santa Clara Group, Tony Surtees, said the Act is like Y2K times one hundred.
"With Y2K no one went to jail. Y2K came and went, it was an event. This is an earthquake which will change the direction which companies go in the future," he said pointing out that most companies currently have very poor controls in place.
The US Securities and Exchange Commission estimates that internal controls provisions will cost companies about $1.24 billion annually.
According to the The PricewaterhouseCoopers (PwC) Technology Forecast: 2003-2005 report released last week, updating technology to comply with legislative changes will make up the bulk of spending in the next three years eating up to 70 per cent of IT investments.
The high-profile collapse of Enron in the US and HIH in Australia has highlighted the need for increased transparency in company reporting and led the way to changes in legislation through the Sarbanes-Oxley Act in the US, CLERP 9 in Australia and Basel II in Europe.
- with Gary Anthes