Sarbanes-Oxley Blamed for Slowdown in New Systems Spending

August, 2004

Some analysts think that spending for enterprise software in the rest of 2004 may slow down as public companies freeze systems in preparation for a key Sarbanes-Oxley (SOX) milestone that comes up at the end of this year. The relevant part of SOX in question is Section 404, which requires management to certify their financial reporting and adequacy of internal controls.

The thinking is that, at first, in preparation for Section 404 compliance, large companies invested in new software to better enable internal controls and financial reporting. That would partly explain the mini-boom in software spending last year. But now as the Section 404 deadline approaches, management is freezing systems to avoid any potential disruptions to those controls. According to an article on CNET:

As the compliance deadline draws nearer, companies will freeze plans to purchase and install new financial software, fearing that major last-minute changes to business systems could compromise their compliance efforts, [JMP Securities analyst Patrick] Walravens predicted. The clampdown should begin in October and could last about six months, causing certain software companies to miss first and fourth-quarter earnings targets, he said.

Walravens thinks his predicted slowdown will hit SAP the hardest. SAP, predictably, doesn’t think so.

SAP spokesman Bill Wohl disagreed with the report. “SAP continues to see strong demand from customers to invest in solutions that address the challenges of meeting regulatory requirements, like Sarbanes-Oxley,” he said. “We have not seen any slowdown, nor do we anticipate one.”

Personally, I think the impact of SOX on spending for new IT systems — either positively or negatively — is overblown. My own observation is that public companies are indeed spending a lot of time, money, and effort on SOX compliance, but as I pointed out over a year ago it is mostly in the form of internal efforts supplemented with outside consulting to establish, test, and document those internal controls. If anything, it is the professional service firms that are largely benefiting from the compliance effort.

September 2004