Merrill Lynch Focuses on Sarbanes-Oxley Compliance

Taps SAS to manage operational risk, continue compliance

Cary, NC — December 17, 2003 — Merrill Lynch, a financial management and advisory company, has selected software from SAS, a business intelligence provider, to manage its operational risk and continue compliance with the Sarbanes-Oxley Act, the New Basel II Accord (Basel II) and other regulations.

According to the provider, the software solution, SAS Corporate Compliance for Sarbanes-Oxley, provides publicly traded organizations such as Merrill Lynch with a repository of financial documents, processes and controls — from across their global operations — that can be monitored, tracked and analyzed.

According to Dr. Jim Goodnight, president and CEO of SAS, Merrill Lynch said it would also use operational risk management software from SAS to identify and measure risk. He added that the combination would give Merrill Lynch an integrated, consistent interface and framework for risk and control self-assessment.

Compliance and Sarbanes-Oxley

The Sarbanes-Oxley Act requires CEOs and chief financial officers of all publicly traded companies with revenue of at least $75 million that are listed on the New York Stock Exchange, AMEX or NASDAQ to certify the accuracy of corporate financial reports. In addition, the act requires external auditors to verify executive management's assertions about the effectiveness of internal control systems for tracking and auditing financial processes and reporting.

This new regulation places the accountability for internal financial controls squarely on the shoulders of senior company management and boards of directors. With personal accountability and corporate reputation on the line, executive management faces the challenges of collecting, organizing, analyzing and reporting on financial information from dozens of operational systems and general ledgers located in different business units around the world.

SAS said its Corporate Compliance for Sarbanes-Oxley is meant to assist global organizations such as Merrill Lynch by assessing and validating financial statements with reporting and analytics; creating an auditable, searchable repository for financial documents, processes and controls; consolidating data from disparate sources; tracking, analyzing and reporting on risks and material changes; and monitoring the effectiveness of compliance and governance initiatives.

Operational Risk Management

Operational risk is a field driven by regulations such as the New Basel II Accord (Basel II) and by the desire of financial services firms to implement sound risk measurement and risk management practices. Certain provisions within Basel II require banks and financial services firms affected by the accord's regulations to accurately evaluate and measure potential operational losses resulting from inadequate or failed processes and technology, as well as losses due to external events or human error. Basel II further requires that these firms set aside capital to cover these potential losses.

SAS said the integration of software for Sarbanes-Oxley compliance and operational risk management is a step for institutions that are looking for operational risk management as well as compliance. Operational risk management enables improvements in business processes, corporate governance, business continuity planning and financial transparency.

For more information about corporate governance and Sarbanes-Oxley, read the article "Few Firms Executing Sarbanes-Oxley Initiatives."