Building Apps for Sarbanes Regs
Nationwide Financial ($91 billion in assets, Columbus, OH), in anticipation of the SEC's final version of the corporate governance rules contained in the Sarbanes-Oxley Act, has developed a Lotus Notes-based internal documentation process that should meet the internal reporting requirements for the Act.
"We put a stake in the ground and we defined internal accounting controls and we decided we needed a system to analyze, track and slice and dice internal controls," says Dennis Drent, vice president, internal audits, Nationwide. "We had to get to the point where the CEO and CFO would be comfortable with our internal controls. And we had to make it easy for the CEO so he could go in and monitor the controls" through a user-friendly interface, he adds.
Developers for the internal auditing area documented 178 unique processes, each with six to eight controls per process, for the Nationwide Financial internal reporting database. "It is essentially a massive, massive database that documents all of the controls," says Ken Seaman, Lotus Notes developer, Nationwide Financial. "If it wasn't for the Lotus technology, all of this would be put in a binder.
"Because we decided to build it in Lotus Notes, we can do slicing and dicing of data, and we have security controls," so only employees who are authorized to view the content have access, Seaman adds.
While developing the internal control documentation in Lotus Notes gave the carrier an available distribution method and a set of security features, even Drent admits that Nationwide is very far ahead of the rest of the industry. "Nationwide has jumped out much farther ahead of the other companies," he says. "Even the big accounting firms are shying away from this while they wait for the final rules to be announced. So even if we wanted to purchase a compliance product in the marketplace, there aren't any available."
But Drent says that even if the final rules are different from what Nationwide is expecting, the company will still be in better shape than if it had to start from scratch when the version is announced. "We took a very narrow definition of internal controls," Drent says. "At the technology level, oursystem is pretty generic. If the SEC broadens the definition of internal controls, we will have to broaden our system to be compliant. But it shouldn't be much of a problem.
Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio