As mentioned in Part 2, Section 302 of Sarbanes Oxley defines the expectation of the corporate leadership level of a publicly traded company. The impact goes beyond publicly traded companies to organizations that offer or receive goods and services across the supply chain. In simple terms that means practically every organization in the United States and most companies globally.
Section 404 is the most near and dear to project managers. It concerns the internal and external auditing of a publicly held company’s financial statement. The milestone or fixed date for this is July 15, 2006 as set by the Security and Exchange Commission. The rules from the SEC are succinctly stated:
The Commission has further extended the compliance dates for non-accelerated filers and foreign private issuers regarding amendments to its rules under the Securities Exchange Act of 1934 that were adopted on June 5, 2003, pursuant to Section 404 of the Sarbanes-Oxley Act. The amendments require a company to include in its annual reports a report by management on the company’s internal control over financial reporting and an accompanying auditor’s report.
The what (aka does this really matter) comes through two prongs of 404: the company’s internal control and accompany auditor’s report.
The auditor’s report is the hammer. Much of the publicity surrounding SOX concerned the corporate misdeeds of the companies and the auditor’s who did not discover or reveal those misdeeds. So you may find a bit more scrutiny about your project’s financial information and results; especially if your role is in portfolio management or in a PMO.
Internal controls are the nails.
They include questions such as how systems are updated, how a project’s financial information is tracked, and how project changes are approved. It is these internal controls that will most impact project managers. In addition to a robust project management methodology there are resources to help you. Here are three good ones to start with:
The Information Technology Information Library (ITIL see www.itilcommunity.org )
Common Objectives for Information and Related Technology (COBIT and its’ 34 objectives and 318 control points see www.isaca.org )
The Committee for Sponsoring Organization for the Treadway Commission (COSO see www.coso.org )
You can learn more about each of those at www.tapuniversity.com <br><br>
The fundamental swing is that project managers and project management is placed front and center with the cost concerns in addition to the traditional home of scope and time. Yes, I know cost is part of my favorite triangle, the triple constraint. However, as I’ve interacted with over 3,800 project management professionals in seminars, workshops and classes over the last three years I’ve found only a faction (let’s say 10%) record and track all of their project’s financial information. Internal employees (FTE’s) are the least likely to be tracked in terms of cost. Yet, without that data it is difficult to get accurate cost data.
The final part of Section 4 that warrants attention is 409. Nope, it’s not the cleaner. You could say it is meant to keep the books clean. Section 409 calls for the near, real time reporting of financial information. It’s based on the assumption that companies controls are in place (404) and executives/board validate attest to the results.
Here’s a good concluding question to think of that helps bring this all home (it also hooks in to 409). If your company was judged by the accuracy and near real time reporting of your project’s financial data, how would it be judged? There may be constraints to gathering and reporting that data, there also may be gaps in what’s available (e.g. we do not track internal employees as cost items), there may also be a reluctance to have project managers involved in the finance side of the house — yet each of barriers are crumbling as the pressure grows for organizations to understand and control their activities.