College
of Business Communications Feature
One
of an occasional series of feature stories on the web
Documentation and Testing | Impact
of Decentralization | J&J's
Response to SOX | About
the Speaker
Johnson & Johnson Executive Discusses
the Impact of Section 404 of Sarbanes-Oxley
Ronald G. Fulop gave accountancy students a corporate perspective on the Sarbanes-Oxley Act (SOX) last month. Fulop is vice president for internal audit, corporate staff, for Johnson & Johnson (J&J) and his auditing group is responsible for overseeing the internal financial controls of over 350 J&J entities worldwide. Fulop's talk covered some pressing challenges within his company because of SOX, the methods Johnson & Johnson implemented in response to the 2002 legislation, and a few personal observations about the act.
Documentation and Testing
At September's Lyceum lecture, Fulop talked of the challenge companies face when trying to adhere to the most important element of Section 404 of Sarbanes-Oxley, which requires a company CEO and CFO to sign off on underlying internal controls. It is a challenge he confronts with each of J&J's companies. "We have somewhere between 350-400 entities worldwide. Each year my internal audit group audits somewhere between 100-150 entities, but we don't get to every entity every year. So over time, we look at the controls, which include the maintenance of records that accurately reflect the transactions, among other elements. Section 404 requires that we ensure the existence of those controls and also that we document them. Well, among the things companies like to do least is document."
Fulop and his team spend a great deal of time and effort testing and documenting the controls of companies and ensuring that they adhere to the regulations of the Committee of Sponsoring Organizations (COSO). Fulop noted that the inability to audit every entity annually, and the compensatory work that must be done for companies that may not test or document their internal controls, can contribute to a number of "gaps and misses" within the documentation.
Impact of Decentralization
Fulop illustrated J&J's massiveness with some staggering numbers. Along with the production of baby shampoo and Neutrogena, J&J produces medical devices such as sutures and staples, the pain relievers Tylenol and Motrin, and Splenda, a no-calorie sweetener. The New Brunswick-based company is the 3rd largest pharmaceutical company in the world, employs more than 110,000 people, maintains over 200 operating companies, sells its products in 175 countries, and counts its total assets in the area of $48 billion.
Because of its market diversity and size, J&J is a decentralized organization. Fulop says this decentralization is welcomed, "The local management knows the marketplace and its customer better than people at corporate headquarters." But due to J&J's decentralization, Section 404 presents the corporation with challenges in the area of information technology. "This means we had to comply with the documentation and testing at all those entities around the world. We got hit heavy because our multiple planning systems meant we must comply with documentation and testing many times versus one time with a centralized company that has just one system."
J & J's Response to SOX
The 2002 Sarbanes-Oxley legislation was accompanied by an aggressive reform of J&J's auditing system. The corporation decided to extend the 404 requirements to every company within its organization. Fulop cited the adjustments that were made to each company's auditing practices, "We utilized the COSO framework: mandated that operating companies assess their controls, document, and test. Internal audit would provide the tools, train the companies in what they should do, and provide them advice and counsel."
Fulop sent roughly 80% of the staff in the internal audit department all over the world to help. "That was probably one of the few times people were glad to see internal auditors." After the companies completed the documentation and testing, the internal audit group evaluated how well each did. In addition, each company was given an internal control handbook and a joint assessment questionnaire.
Fulop looks at SOX positively and believes it already has led to formalization of many of the controls already in place at J&J. He believes that the act has drawn the departments within the organization closer, citing his close interaction with the law department to properly facilitate the adoption of Section 404 by the corporation's 200 companies. But nonetheless, there have been costs. With approximately 70-75% of his department working on Sarbanes-Oxley, roughly 800,000 hours and $40 million have been allocated annually to make sure that Johnson & Johnson is adhering to SOX regulations.
About the Speaker
A graduate of the Wharton School of the University of Pennsylvania, Fulop was appointed to his current position in October 1998. He was vice president for finance and information management at ETHICON Inc. for thirteen years. He resides in Neshanic Station, New Jersey, with his wife and three daughters. He is involved with several charitable organizations, including board of director positions with the American Red Cross of Somerset County and Special Olympics of New Jersey.
--Michael
Romain
October 2004