This profile is the latest in a series of weekly conversations with executives at U.S. public companies who are currently involved in establishing and developing compliance programs. An index of previous conversations is available here.

Rumor has it you printed T-shirts for your Section 404 project team. True?

We did. One of the fun parts of our culture is that we commemorate these sorts of projects with T-shirts. We had them made for the steering committee, as well as the project team itself, to build some teamwork and show the company’s appreciation for what’s going on.

We’ve heard before that motivation is a major challenge, since the Sarbanes-Oxley requirements have evolved over time. Do you agree?

That’s very true. Some of the frustration we’ve experienced is precisely that. Not only have we had a difficult time figuring out where the goal line is, but there really isn’t anywhere to go and ask questions. Our external auditors don’t really know; their perceptions about what is required has evolved along with everyone else’s ...

But I do think we have a pretty collegial, high-energy organization at PSS. So while it’s perceived a little bit as a make-work project, our own perception is that there’s very little we will change for day-to-day management of the business. By the same token, we’re going to make a significant investment in this that won’t have a very measurable return from a shareholder or employee standpoint. As a distribution business, we’re pretty careful about our investment dollars—and we’re going to spend $2 million in this.

There will be some good to come out of it, don’t get me wrong. But it doesn’t have the same kind of return that we would spend $2 million to do.

How are you managing the 404 project?

From Day One we started with a steering committee: me, our vice president of finance, our corporate controller, our vice president of compliance, our chief information officer, and our senior vice president of operations. During the early part of the project while we were in the documentation phase, we had monthly steering committee meetings—to build the team, but also to understand the approach we would take. In the last two months we’ve accelerated those meetings to twice a month, where we have a lunch meeting that usually lasts an hour or 90 minutes.

We’re now in the testing and remediation phase. We’re very focused on the timelines, making sure we have very detailed work schedules. We have resource allocation schedules. We watch the hours and the dollars very closely. We spend quite a bit of time reviewing results of the testing and the documentation that’s been completed. As we move forward, we’ll spend more and more time evaluating the weaknesses and deficiencies we find to determine whether they should be raised to the audit committee of the board.

When must you certify?

We’re March 31 year-end, so we’ll certify next March at the end of our fiscal 2005. We want to be done with testing and remediation by the end of our September quarter, and then use our December quarter for our auditor’s attestation and evaluation. That will give us one quarter as a buffer in case we have to go back and address anything in our procedures.

Which department does the grunt-work to get the project done?

It was a little bit of everyone. We engaged an outside consultant that brought us software to use—a company called Protiviti, a division of the Robert Half Group. We decided on them partly because of their independence (they’re not a public accounting firm) and partly because of the strength of the software package. We also designated some internal resources, including one of our systems folks and one of our financial reporting people. We have used some of our newer staff accountants and analysts on the project, and some temporary resources from an accounting and finance services group from Florida. We’ve also dedicated a fairly good chunk of our internal-audit resources to the project this year.

Who is the day-to-day supervisor?

We have co-project managers: our director of financial reporting and our director of financial systems. Obviously our systems guy focuses more on the system and documentation work, and our financial reporting person works more on the bindings and keeping the project on track.

How much of your time does all this consume? After all, CFOs do have other tasks to do.

I do, and this takes up an increasingly large amount of my time. I’d say in the first six months of the project it took up 10 to 15 percent of my time. Now it’s probably double that to 25 to 30 percent of my time.

And what oversight does PSS’ audit committee exercise?

We have a very active audit committee, and there is a standing agenda item on each committee meeting to give an update on the project—not only the progress, but the findings we’re seeing or any issues that come up as a result of the testing or documentation. The committee meets five times a year formally, and then we have conference calls another four or five times throughout the year.

What other parts of Sarbanes-Oxley have been nettlesome to implement?

The certification of fraud, for one. We’ve instituted some new procedures where we go deeper into the organization for certification of no evidence or knowledge of fraud. Now all our marketing managers and our operations managers—anybody who is aware of, or is affected by, kickbacks or inappropriate incentives or anything like that—we have now instituted a quarterly fraud certification.

Another thing I historically did was to sit down with division heads and controllers to review balance sheet and business performance on a quarterly basis. We’ve formalized that process now, so there’s certification and a formal written report from each division that goes into our files. We’ve also formalized our quarterly compliance checklist ... now we certify that all these things have taken place before we issue our financials.

PSS has sales and distribution employees in all 50 states. How do you convey those new policies to the workforce?

Each of our divisions has an annual sales meeting, where all of the sales force and all the operations folks come in for a week. We’ve had time on both of those meetings for the last year-and-a-half, and we’ll have another one here next month. We always make sure there is time in a breakout session where everyone is required to sit through a session on compliance, Section 404 and certification.

The company appointed a vice president of compliance in 2000 to “evaluate regulatory risk ... and implement risk reduction controls.” What exactly did she do?

You need to know some company history. PSS grew very quickly through the 1990s ... mostly through acquisition. We did more than 100 acquisitions in five or six years, and never until 2000 did we stop to integrate them.

From 2000 to 2002, the company was very focused on doing just that. We went from 75 locations to 50, put all our divisions on the same operating platform, put a common financial reporting and ledger system in place, and put common management processes and planning processes in each of our divisions where it didn’t exist before. The compliance officer was instrumental in getting us through that.

That must have smoothed the path for Sarbanes-Oxley.

Absolutely. Our compliance officer has very high credibility with the field—they don’t view her as a hindrance to do business, but more as a resource. People are very open and quick to call her whenever questions come up on how to react to an issue. Because of that credibility our compliance group has, it’s made it a lot easier to get through this.

How many people are in the compliance group?

About a dozen. It’s both compliance and tax (not federal tax, but sales tax, state tax, use tax and those kinds of things).

What are your compliance priorities for the next 12 months?

For me, having all of our processes and policies documented in a data repository—that’s where I’ll get a payback from the investments we’re making. I’ll be able to periodically review assessments of internal controls on a system basis, so I won’t have to call a special meeting or anything. And my people will as well, so my division controllers, corporate controller, my treasurer, my compliance officer ... they can use that repository of testing results and data to continually assess.

One thing that we’re going to continue to be is acquisitive. For us, having a framework to evaluate potential acquisitions is very important. It’s a vital part of the due diligence and targeting process is an assessment of the target’s internal controls. We can’t afford to make an acquisition of a company that’s going to come along with weaknesses that have to be addressed.

And of course, the most important question: what do your Project 404 T-shirts look like?

They’re golf shirts with the PSS logo on the sleeve, light green. There’s a circle on the chest with the words “Sarbanes Oxley” around the circle—sort of resembling Starbucks logo. About 50 or 60 employees received them.

Thanks, David.

Topics