Sarbanes-Oxley Impacts Automation

“There oughta be a law.” That phrase seems to be the perennial cry after every malfeasance brought to the light of public scrutiny.

Such was the popular outcry after thousands lost huge amounts of money due to the actions of top managers of Enron, Tyco, Adelphia and others. And thus, the U.S. Congress begat another law—the Sarbanes-Oxley Act (SOX) of 2002.

“It’s a serious law,” states Glenn Schultz, director of security and maintenance businesses at Milwaukee-based Rockwell Automation Inc. “Infractions of the law can send people to jail.”

In fact, Boston-based analyst firm AMR Research Inc. estimates that companies will spend $5.8 billion on meeting Sarbanes-Oxley requirements in 2005. Despite initial thoughts that Sarbanes-Oxley spending would be a one-time expenditure, 36 percent of companies plan to increase spending, 52 percent will maintain current levels and 12 percent will decrease SOX spending. These results are based on a 2004 study conducted by AMR in which more than 200 business and Information Technology (IT) leaders were surveyed on their Sarbanes-Oxley and broad compliance spending priorities.

Rockwell’s Schultz believes that many manufacturers have already taken the necessary steps to ensure financial data is accurate—but only to the level of financial reporting systems. Since most manufacturers have deeply integrated their financial systems with their plant-floor automation systems, much of the source manufacturing financial data, such as raw material, yield, scrap and production counts, is automatically populated from information extracted from the automation systems. Says Schultz, “Surprisingly few firms have extended their SOX focus to ensure that the financial data within the automation system is accurate and immutable.”

Automation’s role

As Schulz explains the process, SOX paints a fairly broad picture, with a goal of guaranteeing better financial controls and thus better financial reports for companies regulated by the U.S. Securities and Exchange Commission (SEC). The Act left it to various governmental agencies to figure out the methodology for compliance. These methods are beginning to be promulgated. The reason that automation professionals must be concerned results from the initiatives of the past five years or so to integrate automation and financial data in both directions.

“In many companies, this is done in a robust way,” says Schulz. “The enterprise resource planning (ERP) system can feed information all the way down to machine level control systems for such items as production schedule. The control systems feed production, quality, scrap and other manufacturing information to the ERP system. Now, SOX says you must review all processes that impact financial reports, you must have controls in place to assure there can be no erroneous results or that no one can tamper with the data, and you must conduct a formal audit. Most companies stop with an audit of the IT system, but this is a critical error.”

One of the most important policies that automation professionals need to implement concerns change management on control systems. Not that such policies shouldn’t already be in place, but any change in the controls environment that can materially affect financial reporting must be traceable. So controls changes can’t be left to the whim of any maintenance technician without specific guidance.

Another important area to consider for SOX compliance is in the area of intellectual property. A material change in intellectual property must be reported to the financial community. Often, the means by which a company produces its product—that is, a recipe—is a company secret. These items are the jewels of the company, and must also be included in any audit, according to Schulz.

More in Control