Spending too much on compliance? IT can cut costs

By Charlie Russo, News Writer 11 Aug 2005 | SearchCIO.com

Digg This!     StumbleUpon     Del.icio.us

A new report says that an overwhelming majority of Sarbanes-Oxley compliance problems filed with the U.S. Securities and Exchange Commission can be attributed to systems and staff outside of IT. Technology systems and related personnel accounted for only 3% of the problems, and most compliance failures had to do with accounting, finance and staffing issues.

In the Gartner Inc. report, author Carol Rozwell examined 208 companies to learn about the sources of SOX pain. She concluded that many shops are still suffering a lack of automation when it comes to SOX processes -- and it's costing them.

"One of our suggestions is that you have to think about how information technology can support ongoing compliance," Rozwell said. "The more you can use technology to ensure compliance, the less you have to use human beings."

Compliance and spending SOX accountant salaries rise 404 budgets filled with waste

The Gartner report, "Examine Sarbanes-Oxley Section 404 Weaknesses and Use IT as Your Solution," studied the SEC filings from Nov. 15, 2004, to April 30, 2005. Internal audits of those reports found 276 "material weaknesses," which were categorized according to root cause by Gartner. The report categorized the main sources of trouble this way: 43% could be attributed to accounting policies; 17% to financial policies; and 14% to staffing and personnel issues. The remaining issues were the result of deficiencies that varied depending on several factors.

The other problems included property leases with incorrect information on them, unsubstantiated information from subsidiary companies and a lack of standardization.

IT to the rescue

IT may not bear the brunt of the blame, but it can do more to prevent Sarbanes-Oxley compliance problems, experts agree. Jasmine Noel, co-founder of IT trend analyst firm Ptak, Noel & Associates, said change management is one of the areas where IT can smooth the audit process by providing consistent information. When IT was to blame, Rozwell discovered, it was due to poor change management.

Good CIOs know how they can use IT to ease SOX compliance, Rozwell said, but often have trouble making their case to business leaders.

For CIOs, "the first and foremost thing is to get it set in your head that this is not just make-work," Noel said. "[SOX compliance] really can drive a lot of IT efficiencies in the way the staff works. And coming up with creative ways to get people excited about the different ways they can use the tool. Yeah, the tool will get installed for SOX, but once it's there, if you can spread the word about the way that rich information can be used, the business will be better off."

Tags: Compliance strategies and best practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Compliance strategies and best practices Leveraging log management for IT and business process efficiency Information security and risk management guides for CIOs Email archiving solutions and strategies for enterprise CIOs Miscues abounded in Boston email retention policy, practices Health care security, HIPAA compliance on deck for CIOs in Obama era Enterprise risk management solutions for CIOs Addressing compliance requirements in cloud computing contracts Avoiding gotchas of security tools and global data privacy laws CIO turns to identity and access management to solve business problem Log management tool, SIM boxes combine to form security architecture

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary GRC (governance, risk management and compliance) software  (SearchCIO.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary