News Stay informed about the latest enterprise technology news and product updates.

Seven steps to Sarbanes-Oxley compliance

Sarbanes Oxley compliance is giving many a CIO a headache. Seven steps -- and maybe a couple of Tylenol gelcaps -- may help ease the pain.

The image of a corporate executive in handcuffs is motivation enough for IT professionals to get their houses in...

order. The Sarbanes-Oxley Act means that financial executives need to report quickly and accurately -- or else, according to Robert V. Fitzgerald, president of financial software provider Cartesis Inc. of Norwalk, Conn. His firm suggests that there are seven steps necessary to ensure that financial reporting is done right.

Step one is having one source of information, for both financial and non-financial data. Organizations need a single system to provide "rear view mirrors and a front windshield," said Trevor Walker, director of product marketing.

Step two is to make that system Web-based, with a wide breadth of access. You don't want information hidden in the finance department and unavailable to the rest of the company.

While there are bound to be disagreements over the term "real time," as used by the Sarbanes-Oxley Act, real-time capabilities are the necessary third step to compliance, according to Cartesis. "You can no longer wait for a three-month budgeting cycle and re-forecasting," Walker said. Information needs to be visible immediately.

The fourth step involves software: Companies should identify key performance indicators that communicate objectives and match indicators from all sides of the company to identify areas that will affect value.

"You, as a business leader, have an opportunity to compare to history," Walker said. "What lies behind you has a lot to tell about what might impact you in the future."

Having "a sandbox" to ponder "what-if" scenarios is the central requirement of step five: flexible projections. Walker said that organizations need to have historical and predictive data in one place. They can then model the effects of possible events, such as acquisitions, exchange rate fluctuation and changes in business policy.

The sixth step ties in with the second, a Web-based application. Organizations need collaboration and a continuous flow of information, Walker said. Everyone needs to be involved in collecting, reporting, cleansing and signing off on the data.

Finally, the seventh step to Sarbanes-Oxley compliance: international awareness. This criterion plays into a traditional strength of Cartesis', Walker said. An application with language support and functionality that addresses the complex reporting requirements of the European Union will be able to tightly integrate and streamline the processing of data.

Following these steps and complying with Sarbanes-Oxley demands that the CIO and CFO -- two people who are traditionally at odds -- work together, Walker added. The CFO, as well as the CEO, are the ones that will be exposed should any problems pop up. But they will rely on the CIO to provide documentation to the entire company, Walker said. That includes software.

"When you think of Sarbanes-Oxley, there's a lot of things going on that no one single vendor can accommodate," he said. "Having a system, procedures and one single place to get information are really the three most important things."


Sarbanes-Oxley -- what you need to know

Best Web Links on Sarbanes-Oxley compliance

White paper: Leveraging IT systems for compliance

Compliance fears exaggerated, report says

Dig Deeper on Risk and compliance strategies and best practices

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.