Aquila, Inc., an electric utilities company, is so serious about complying with Sarbanes-Oxley Act internal-controls rules that it’s requiring all employees — from line workers to the chief executive officer — to complete an online ethics training program.
Indeed, the problems featured in the program reflect that range of participants. One example, for instance, involves a meter reader who must read all the gauges on a particular route by today so that the readings would be included in this month’s billing cycle. At the end of the day, however, the meter reader hasn’t reached the end of the route, so a colleague offers to split the remainder of the route and suggests entering estimates for that part of it. The training materials examine the situation, explain that good internal controls practices dictate that estimated meter readings shouldn’t be used for bills, and instruct the meter reader to contact a supervisor for guidance.
The course also asks employees to create a “personal action plan” listing how they can meld lessons from the training with their daily responsibilities. In such plans, employees can identify which activities in their group they should monitor to ensure their operations run effectively.
Introduced last year, the one-hour course includes explanations of “Internal Control—Integrated Framework,” produced by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Based on the widely accepted COSO guidelines that Aquila has adopted, the course features hypothetical examples of work situations in which ethical values come into play.
After the course was first given, the program directed employees to a secure Web site to express anonymously any concerns they have about the business. Employees were asked to provide demographic information that includes whether or not they were union employees, the state in which they worked, and whether they were corporate or field employees. Aquila’s corporate compliance officer culled the responses and presented them to the board of directors, says Lynn Fountain, vice president of risk assessment and audit services at Aquila.
With a growing number of companies reportedly striving to cut costs by handling more compliance functions internally, executives at companies like Aquila are paying more attention to training employees about the ins and outs of Sarbanes-Oxley. In the early stages of compliance with Section 404 of the act, the provision that covers internal controls over financial reporting, businesses largely outsourced compliance functions because of time and personnel constraints, observed Anne Marchetti, the global practice director for governance and risk management at Parson Consulting.
Although companies expected compliance costs to decline this year, however, most haven’t experienced a reduction, Marchetti observes. “Part of that is because they have not developed an ongoing compliance plan and educated the organization,” says Marchetti. Indeed, compliance costs related to Sarbanes-Oxley will rise from $5.5 billion in 2004 to $6.1 billion in 2005, according to an estimate by AMR Research in Boston.
But cost concerns and plans to handle compliance in-house aren’t the only reasons companies might have plunged into the training game. Indeed, having a workforce savvy in the ways of Sarbox and COSO could in itself become a compliance necessity. “Companies have not thought of material weaknesses related to people, but it’s a possibility,” notes Michael Mellor, director of the change and program management effectiveness group at PricewaterhouseCoopers.