The first attempt at re-establishing investor confidence was the certification of financial statements and disclosure controls and procedures. But investors don't worry only about numbers. A skittish market reacts to hints of fraudulent activity, complex accounting, lack of visibility into the drivers of earnings results and projections, complicated cash-flow reporting, operational and financial surprises, and unknown business risk. The market demands systems that connect diverse data flows and support real-time answers to financial questions.

Some companies are reacting to Sarbanes-Oxley by addressing the minimum requirements, considering only the new mandate to certify their internal processes on the financial reports they file at the end of 2003. But others are considering the broader implications. At a later date not yet set, the law will require the real-time disclosure of any event that might affect performance. Leading companies understand that the law leaves out many details—such as the definition of "real-time disclosure"—and that reacting literally to it today will leave them playing catch-up later. They're taking the opportunity to obtain true value by examining the underlying business issues that may be undermining their financial reporting.

10 Deadly Deeds In a Sarbox world, beware of these errors in financial record keeping: Records-management policy isn't linked to regulatory requirements Retention schedule is no longer reflective of the law departments Formal policies are nonexistent or inconsistent across departments. Records management covers paper records only. No one is responsible for administering the program. Retention periods aren't integrated with document management to purge documents. Employees are unaware of policy. There are no tools to authorize deleting documents There's no audit process to track what's happened. There's no indexing, so it's impossible to retrieve documents when required.

Since the impact of business risks will have to be communicated quickly, C-level executives are asking: What does real-time disclosure mean? How can I use it to increase shareholder value? Do all of our employees understand how they impact shareholder value? Many CFOs are asking their CIOs if their financial systems can even meet the real and implied integrity, credibility, and transparency requirements that Sarbox has defined.

Smart CIOs can make their CFOs' lives easier by suggesting three things: centralization strategies, simplification proposals, and standardization efforts. This may well be an opportunity to regain some control over business units that buy "best of breed" even if it's "most expensive to own." Perhaps you can use compliance as a selling point to standardize customer-numbering schemes, or SKUs, or HR rules. Maybe this time you can get that data harmonization and reconciliation project to really work.

True business value comes from strengthening finance, accounting, and performance-management processes. The goal of Sarbanes-Oxley is to force companies to think about their response to internal and external pressures, and to provide checks and balances on that response. If business processes and disclosure practices are designed around these end goals, compliance will come naturally.