After a decade, many power and utility executives still regard the Sarbanes-Oxley Act of 2002 (SOX) as a pure compliance exercise, causing a recurring drain on resources and personnel.
But some believe it’s time for a new way of thinking.
Chief financial officers (CFOs) of power and utility companies can reconsider their SOX programs as an opportunity to potentially improve compliance, create operating efficiencies and trim costs. Doing so will require that CFOs automate controls and workflows, commit to continuous improvement and integrate compliance programs across the organization.
The challenge is to move from an essentially reactive risk-management mindset to a proactive approach that anticipates risks.
This rethink may be an ambitious agenda. U.S. power and utility companies are yoked to a heavy load of compliance requirements from state regulators, the North American Electric Reliability Corp. (NERC), the Federal Energy Regulatory Commission (FERC), the Department of Energy, the Securities and Exchange Commission (SEC), and other regulatory agencies. With so many agencies in the mix, it’s no surprise the rules are constantly changing.
Most executives, in fact, believe that regulations will increase in the coming year. A global survey of executives and risk-management leaders conducted by PwC found that nearly 62 percent of utilities respondents rank changes in regulations and government policies as a top risk this year. (See Risk in Review, PwC, March 2012.)
Compounding these increased regulatory obligations are lingering economic uncertainties. Power and utility companies remain under tremendous pressure to do more with less, especially as projected capital spending on upgrades to fossil and other generation plants, together with projected investments in new technology such as smart grid, puts capital project budgets in the billions for most. Couple this with the limited ability to increase rates in this struggling economy and the pressure state commissions are feeling from ratepayers to maintain or even lower current rates.
CFOs have a lot to worry about, and might think their SOX programs are operating efficiently. Financial controls have been approved, the program is in place, and the process appears to be working. This type of thinking, however, ignores today’s continuously evolving financial risks and opportunities to address those risks more holistically and cost-effectively. For most companies, the challenge is to move from an essentially reactive risk-management mindset to a proactive approach that anticipates risks by combining the right controls and continuous monitoring with streamlined, automated compliance processes.
It’s a challenge that can pay off with compelling rewards. For power and utility companies that update their SOX programs, a comprehensive compliance initiative can generate significant savings. Dollars don’t tell the whole story, however; SOX controls can be extended to other compliance requirements to unify and improve monitoring and reporting across the enterprise.
Three key steps can help companies get more value from their SOX programs: Expand the use of technology to automate controls and enable continuous testing; constantly monitor and improve lean processes; and integrate compliance controls across regulatory requirements.
Automating for Efficiency
Automation of controls, testing, and workflows for SOX activities can significantly ease control testing efforts while boosting reliability. Put