CARY, N.C. (Dec. 17, 2003) – Merrill Lynch, one of the world’s leading financial management and advisory companies, has selected software from SAS, the leader in business intelligence, to help the company manage its operational risk and continue compliance with the Sarbanes-Oxley Act, the New Basel II Accord (Basel II) and other regulations.
The software solution, SAS® Corporate Compliance for Sarbanes-Oxley, provides publicly traded organizations such as Merrill Lynch with a repository of financial documents, processes and controls – from across their global operations – that can be monitored, tracked and analyzed.
"Merrill Lynch has built a solid reputation of responsibility, integrity and focus on its clients," said Dr. Jim Goodnight, president and CEO of SAS. "We are very pleased to be able to provide the power of SAS software solutions for compliance and operational risk management to Merrill Lynch."
Merrill Lynch will also use operational risk management software from SAS to identify, measure, and ultimately, reduce and control risk, Goodnight said. This combination will give Merrill Lynch an integrated, consistent interface and framework for risk and control self-assessment. As a result, this will help the company maximize return from data-collection activities while minimizing disruption to its business units.
Compliance and Sarbanes-Oxley
The Sarbanes-Oxley Act requires CEOs and CFOs of all publicly traded companies, with revenue of at least $75 million, listed on the New York Stock Exchange, AMEX or NASDAQ, to certify the accuracy of corporate financial reports. In addition, the act requires external auditors to verify executive management’s assertions about the effectiveness of internal control systems for tracking and auditing financial processes and reporting.
This new regulation places the accountability for internal financial controls squarely on the shoulders of senior company management and boards of directors. With personal accountability and corporate reputation on the line, executive management still faces a daunting challenge: collecting, organizing, analyzing and reporting on financial information from dozens of operational systems and general ledgers located in different business units around the world.
With SAS Corporate Compliance for Sarbanes-Oxley, global organizations such as Merrill Lynch are assisted in compliance by:
Assessment and validation of financial statements with sophisticated reporting and analytics.
Creation of an auditable, trackable, searchable repository for financial documents, processes and controls.
Consolidation of data from disparate sources more quickly and accurately.
Tracking, analyzing and reporting on risks and material changes.
Monitoring the effectiveness of compliance and governance initiatives.
Operational risk management
Operational risk is an emerging field driven by regulations such as the New Basel II Accord (Basel II) and by the desire of financial services firms to implement sound risk measurement and risk management practices. Certain provisions within Basel II require banks and financial services firms affected by the accord’s regulations to accurately evaluate and measure potential operational losses resulting from inadequate or failed processes and technology, as well as losses due to external events or human error. Basel II further requires that these firms set aside capital to cover these potential losses.
The integration of software for Sarbanes-Oxley compliance and operational risk management is a natural step for institutions that strive to go beyond pure compliance. Assessing, testing and reporting on financial controls are integral elements of operational risk management.
Operational risk management, however, is more than a compliance issue. It is widely acknowledged as a best practice within the financial services industry because it can enhance shareholder value by driving improvements in business processes, corporate governance, business continuity planning and financial transparency.