By Laton McCartney
While the Sarbanes-Oxley Act (SOA), is proving a major regulatory hurdle for publicly traded corporations, it is also providing a badly needed windfall to consultancies and other service providers. In fact, spending on compliance-related initiatives will reach $5.5 billion in 2004, according to AMR Research. That's more than double what AMR says that Fortune 1000 corporations allotted for SOA work in 2003.
More important, while up to 90 percent of last year's spending funded internal initiatives carried out largely by company employees, a third of the SOA outlay this year is earmarked for outside advisers and consultants. At the same time, corporations plan to spend more than $1 billion on SOA-related technology.
What's driving this growth? Simply put, CEOs and other C-level executives have discovered that meeting these new regulations is far more complex and costly than originally anticipated. And they need outside help ASAP. "Once they lift the covers and look at all that needs to be done, our clients are starting to understand that there's a lot more work than they realized," says Susanne Ruschka-Taylor, partner and Americas leader, Business Risk Management, IBM Consulting Services.
All those SOA dollars are being pursued by the usual suspects — the global accounting firms plus major consultants and systems integrators — as well as many smaller outfits and even a couple of relative newcomers. AMR senior analyst Dana Stiffler puts the various players into what she calls a "broad consulting bucket: any advisory, consulting, project management, or systems integration services not performed by a company's external, independent auditor."
She further divides the contenders into two groups: global accounting firms such as Deloitte, Ernst & Young, KPMG, and PricewaterhouseCoopers, plus second-tier accounting outfits including Crowe Chizek and Grant Thornton. "They're providing advice and tools," Stiffler explains of this bunch.
The second group consists of consultants and systems integrators, including IBM Business Consulting Services, BearingPoint (KPMG's old consulting group), and Technology Solutions Company (TSC). Typically these firms offer advice, remediation of business processes, and applications.
That's broad-brush. A closer look at the competitors reveals other significant distinctions. For instance, in recent years, four of the Big Five accounting firms shed their consulting businesses. The exception, Deloitte, tried to sell off its consulting operations in early 2003, but market conditions at the time were so poor that the sale was put off. "As a result," says Stiffler, "Deloitte is the only global player today that has both an auditing account function and a systems integration and IT function." For Sarbanes clients looking for one-stop shopping capabilities, that's a significant attraction. Only one other firm, the far smaller Crowe Chizek, offers the same capabilities.
A number of competitors have emerged because of SOA regulations and restrictions. For instance, under SOA, public corporations are prohibited from having their auditing firms develop and monitor controls over their financial reporting process. Rather than turn this work over to a Big Five rival that might walk away with their business, KPMG and Pricewaterhouse, among others, are bringing in smaller accounting and financial firms such as Lordi Consulting, West Chester, PA, to handle the work. The regulatory climate has also given a boost to a number of independent risk management consultants, including Parson, Navigant, and Protiviti. The latter is owned by Robert Half International and staffed by hundreds of former Arthur Andersen professionals and partners.
Different Approaches
For service providers, Sarbanes work encompasses everything from advising corporate boards on how to best deal with the governance and strategic issues raised by SOA to gruntwork in the trenches as clients struggle to meet the 2005 deadline for Section 404 compliance. In pursuing this market, business consultancies typically play to their own strengths in an effort to differentiate themselves, and necessarily often modify and refine their approaches and methodologies on the fly. "We started out on almost a situation-by-situation basis," concedes Edward C. Drosdick, CPA, director of SEC practice at Moss Adams, the Seattle-based accounting and consulting firm. The firm now uses its internal audit group to take the lead in every SOA engagement, while providing documentation, internal controls testing and validation as well. "The key thing that differentiates us from small firms is that, unlike us, they don't have internal audit capabilities."
Working with midsize companies as well as some small-cap clients with limited resources and at best sketchy financial controls in place can prove a major challenge. "We had a large CPA firm recommend us to one client," Drosdick recalls. "When we asked how the internal control system was documented, there was laughter. It wasn't." At many corporations, small and large, Drosdick and other consultants say, the necessary documentation is inadequate or exists largely in someone's head.
Dealing with midsize and smaller clients with limited budgets can prove dicey as well, especially as costs escalate. "We have one client who initially thought fees would amount to about $100,000," Drosdick says. But establishing an adequate mapping process and internal controls and audit has proven far more complicated than either the client or Moss Adams realized at the outset of the engagement. As a result, the fees have now reached the $200,000 level and are climbing.
Another SOA competitor, Chicago-based Parson Consulting, has positioned itself to benefit from accounting reform legislation. Since it does not conduct audits, it focuses on areas that are off-limits to auditors, often at their invitation. "We are a no-conflict financial management consulting firm and we're very accustomed to working with external audit firms," says Project Manager Ann Swaller.
With 1,000 or so clients, a third from the Fortune 500, Parson takes what Fuller describes as a "very practical approach" in terms of its SOA services. At the outset, the firm works with CFOs and company steering committees in drawing up full compliance plans, developing key checklists and inventories, providing risk assessment tools and controls, and often helping to implement major systems changes needed to support all these changes and streamline and integrate processes.
"Then we enter a pilot phase, which lasts two to four weeks," Fuller explains. "Here, we'll identify and go through one process with the steering committee. If they're comfortable with it, we move ahead with full implementation."
In contrast, fast-growing Paisley Consulting's entr
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.