As it was at almost all public companies, the first year of compliance with Sarbanes-Oxley's Section 404 was anything but pretty at Advanced Micro Devices Inc., a $5.8 billion microprocessor producer with corporate headquarters in Sunnyvale, Calif. Costs were much higher than anticipated; demands on resources, much greater. Like most companies, AMD vowed that Year Two would be different. But as the arrival of the external auditor drew near last year, Vivek Sharma, group controller of finance, and his internal controls team had not come to grips with the most stressful problem of Year One–the epic flood of e-mails between external auditors and AMD staff around the globe. For weeks on end, thousands of pings disrupted the business of AMD with requests for documents and, more often than was acceptable, requests for the same documents from different staff members at different times or for documents the company had already supplied months earlier. "Any change in team members on our side or by the auditor could require that parts of the process be performed again," says Sharma.

Then, with only days to go before the 2005 external audit, the team had a "Watson, I need you" moment. Could its recently acquired compliance workflow platform be used to manage all communications between the company and its auditors? It was an idea that even the maker, Movaris Inc., hadn't considered. Yet, within three days, a Movaris developer helped AMD create a communications management tool. When AMD's external auditors began work, the internal controls team asked them–in fact, instructed them–to channel all communications, including requests for documents and even questions of the team about SarbOx testing, through the Movaris system rather than traditional e-mail. "We created a communications tool [through which] a user in the system can track auditor requests, based on mega process workflows. [The user] can see who created a workflow, who it was assigned to and when, and follow up," says Sharma.

Before they started their testing, auditors were given access to the tool and trained on how to use it. Repetition was reduced because, in just a few clicks, the company could see if a new request had already been addressed, cutting out needless waste. "If auditors had a question, it had to be documented in the tool," Sharma explains. "There's a lot of effort around communications, so if you can automate and centralize the process in a database, your life is so much easier."