Financial Controls Help Law Departments Navigate The Treacherous And Uncertain Waters In Sarbanes-Oxley's Wake

Wednesday, September 1, 2004 - 01:00

The Editor interviews Jeffrey L. Hodge, Vice President,
Product Marketing, DataCert, Inc. Questions can be addressed to him at

Editor: How do DataCert's products help law departments control costs?

Hodge: DataCert has developed electronic invoicing and legal spend
management solutions that help corporate legal departments manage the largest
component of their corporate legal budget - outside spend. Our leading product,
Advanced Invoice Management System (AIMS), facilitates the approval and payment
of electronic invoices between law firms and corporate legal departments. Using
AIMS, corporate legal managers can proactively analyze legal spend, improve the
sourcing and selection of outside counsel, optimize law firm performance and
leverage buying power for better pricing and terms.

Editor: Please tell us about your role at DataCert.

Hodge: I've been part of DataCert since day one. I began at DataCert
by creating our law firm implementation methodology and quickly turned to a
business development role, creating our partnering program and critical
relationships within the legal industry. Most recently, I have taken over as VP
Product Marketing, driving new product functionality and product messaging.

I've been delighted to be part of DataCert's growth. DataCert recently
landed the #6 spot on the Houston Business Journal's Top 25 Houston-Based
Software Development Companies list. This recognition is a tribute to our
exceptional product and service offerings and unique value proposition. We help
law departments to solve the very real problem of invoice review, approval and
payment. Our focus has allowed us to grow both strategically and operationally
to become the market leader.

Editor: What experience do you bring to your role?

Hodge: I have approximately 15 years experience serving the legal
industry in various capacities. Before DataCert, I was a Manager with
Pricewaterhouse-Coopers LLP in NY where I assisted Fortune 500 companies in
selecting, implementing and managing information technology, and before that I
worked in corporate legal and law firms.

I created the Legal Electronic Data Exchange Standard (LEDES) and was the
founder of the LEDES Oversight Committee (LOC). I have also served as an expert
witness on issues of data security in e-business, including testimony before

Editor: What challenges do law departments face in implementing the
Sarbanes-Oxley Act?

Hodge: Legal's challenges with regards to SOX are of two main types.
First, the law and regulations are very new and have yet to be tested. As such,
corporate lawyers will be asked to interpret both without a clear understanding
about how the law will impact corporations as they attempt to comply with the
law. At the same time, the potential impact of the law on corporations is very
big as is the potential impact on corporate officers, including, perhaps, the
chief legal officer or general counsel themselves. So, helping navigate these
treacherous and yet uncertain waters will be challenging.

Second, corporate legal itself presumably has responsibility for implementing
corporate financial controls regarding how it spends and accounts for outside
counsel fees and expenses and other dollars paid outside. The job of
implementing and enforcing financial controls and the systems that manage them
normally falls to CTOs and CFOs. However, where legal has systems that receive
and manage expenditures that hit the corporate books, corporate legal officers
will likely have responsibility for enforcing corporate financial controls for
those expenditures. These systems normally take the form of electronic
invoicing, matter management, spend management and in some cases nothing more
than spreadsheets and the like. The challenges will be finding systems that can
help legal comply and then meeting what are likely to be evolving compliance

Editor: How does DataCert help law departments to meet those challenges?

Hodge: As a provider of electronic invoicing and spend management
applications and services to corporate legal, which ultimately contribute to
broader accounts payable and reporting systems, our responsibility, we believe,
is threefold. First, we must ensure the security of the submission of electronic
invoices by law firms and vendors, making certain that the sender is authentic
and that the invoice that is sent is exactly the same as the invoice that is
received. Second, we have to provide corporate legal departments with the tools
that enable them to implement their corporate financial controls around their
legal invoice and spend management data residing in DataCert systems behind
their firewall. Third, our clients need to be able to monitor every invoice
receipt, approval and posting to corporate accounts payable so that they can
implement financial controls that mirror those of the rest of the corporation.
While DataCert can't define these controls for corporate finance, our
applications and services have to support our client's need to implement these

Editor: How can a legal department use DataCert's technology to document
what issues are getting its lawyers' attention?

Hodge: One of the things corporate auditors will be keen on as they
review the lifecycle of a legal invoice for SOX is who has access to the system
that manages invoices, who has actually accessed those invoices, and what action
has been taken on each invoice. This is the essence of the SOX requirement to
document, implement, test and certify adequate financial controls.

DataCert's applications and services have always been designed with the
highest levels of security, authentication and accountability in mind. Ideally,
every transaction can be tracked and traced in order to document a chain of
control for financial transactions in corporate legal. This includes which
attorneys have handled individual financial transactions and SOX-related issues.

Also, to the degree clients track matters in our products that reflect
Sarbanes-related work, those reports can be generated from our systems, or we
are happy to feed that data to any third-party application.

Editor: How can DataCert's technology help to document the amount of time
spent by what level of attorney in addressing issues of concern under the
Sarbanes-Oxley Act?

Hodge: DataCert technologies can document and report on user activity
in our applications at multiple levels of granularity. We are working to become
ever more granular in our ability to track every aspect of user activity. I
imagine our capabilities in this regard will continue to grow as the
implications of SOX are increasingly understood.

Editor: How can a legal department enjoy the economies of scale from
theDataCert technology and how can it be adapted to meet the legaldepartment's
specific needs?

Hodge: Economies of scale are inherent in our business model. First,
unlike other providers, our pricing is fixed annually and doesn't fluctuate for
the corporate client as new law firms or vendors are added to the system.
Second, because of the way our technology is designed, it is incredibly flexible
as to how much data it moves and handles from the largest to the smallest
corporate legal department. We move invoices to clients from as many as 900 law
firms and vendors worldwide as well as to clients receiving invoices from as few
as a half dozen domestic firms. Third, our technologies are intended to
integrate to existing matter management, AP and other systems, but are also
extremely effective for many of our large and small clients that do not have
matter management or which don't require an automated feed to accounts payable.
DataCert meets the client's needs. We do not ask that they change to suit our

Editor: How does the DataCert technology enhance relationships between a
legal department and its law firms?

Hodge: As we review annual survey results from many of the large
consultancies and legal organizations, it is clear that the most contentious
issues between firms and clients are related to financials - adherence to
billing guidelines, firms' dedication to controlling costs, etc.

Although DataCert can't control what firms and vendors bill, we can give
corporations the ability to electronically validate incoming invoices against
their billing guidelines automatically. Those invoices can be automatically
rejected, adjusted or individual violations can be highlighted for client
review. This makes the process of monitoring and managing adherence to billing
guidelines much more transparent, standardized and predictable. We believe this
creates a level of fairness that both sides can deal with which in turn helps
the relationship. It is in the interest of both parties to be fair.

Also, electronically submitted and managed invoices tend to get paid much
more quickly. This makes firms happy, certainly, but it also gives the client
the ability to turn rapid payment into quick-pay discounts of as much as five to
seven percent net 30 days. Again, win-win!

Finally, inherent in an electronic invoice using standard coding is a wealth
of detail and information never before available to corporate legal, firms and
vendors. This allows both sides to understand the financial relationship at a
depth and to a degree never before possible. With understanding comes confidence
that the relationship is equitable and fair, or it gives both parties an
understanding of where differences are which can inform reasoned and fair
changes in the relationship.

Editor: How is Sarbanes-Oxley a watershed event for corporations?

Hodge: Technology, process, procedure, rigor - these are all outcomes
of SOX that will, I believe, refocus corporate law departments on their march
toward change that began in earnest more than a decade ago. We know that our
clients will embrace the change, and it is, I believe, incumbent on those of us
that service corporate America to blaze this trail with