Relief from Sarbanes-Oxley on the way?

(continued from previous page)

last year to $6.1 billion this year. The portion spent just on technology is expected to grow from 2004's $1.1 billion to $1.7 billion this year, according to AMR.

Hewlett-Packard offers SOX-related services such as "risk-management" consulting that assesses a company's IT controls. Ismail Pishori, director of HP's risk management and compliance practice for clients in the financial services industry, says that although CIOs may complain about SOX, they recognize that the scrutiny of operations helps them become more efficient, as well as better at preventing problems. "Even the most vocal opponents of SOX will admit there is some benefit," he said.

Thanks to new official guidance issued last month, CIOs may have even less to complain about when it comes to SOX. In the wake of feedback about Section 404, the SEC tried to clarify what needs to be tested when it comes to "general IT controls." General IT controls include controls over program development, program changes and access to programs and data.

"While the extent of documentation and testing requires the use of judgment, the (SEC) staff expects management to document and test relevant general IT controls in addition to appropriate application-level controls that are designed to ensure that financial information generated from a company's application systems can reasonably be relied upon," the SEC said last month. "For purposes of the Section 404 assessment, the staff would not expect testing of general IT controls that do not pertain to financial reporting."

In releasing the advice about IT controls, the SEC said compliance with Section 404 during its first year of implementation may have been costlier than needed, "due to excessive, duplicative or misfocused efforts."

StorageTek's Arnold welcomes the recent guidance from the SEC and additional advice from the new agency created by SOX to oversee auditing firms, the Public Company Accounting Oversight Board. The latest guidelines should let company management use greater discretion when it comes to key controls over financial information, Arnold said. He also said President Bush's appointee to take over the reins of the SEC, free market champion Christopher Cox, should help matters.

Still, Arnold said, much will depend on how auditing firms interpret the new directions.

In any event, he has positive feelings overall about SOX. That's partly because StorageTek--and Sun--may benefit by selling products that help companies comply, and partly because the rigors of the law help an IT department find its inefficiencies. There's still another benefit for tech operations, he said. In contrast to recent years of belt-tightening, the SOX era allows chief information officers to regain some clout in how a company runs, said Arnold.

"More than anything, (SOX) gives IT organizations a bigger say."

Benefits of SOX Frequently Overlooked

While compliance with SOX can be difficult and costly, many people are too quick to complain and fail to realize the operational efficiencies that SOX can create. Managers and directors have more control over their departments, and having an audit trail means that there is less likelyhood that someone would be able to covertly affect the company's financials. Furthermore, some of the review processes that companies have implemented have enabled them to catch errors and security flaws much more quickly and correct them before they become a problem.

While people compain about regulations and guidance, let's understand that the purpose of this legislation was to reign in corporate governance and provide additional transparency so that the likelyhood of a corporate implosion is significantly reduced.

[ip_fresh]

Cox

Many Maryland business officials would welcome U.S. Rep. Christopher Cox of California as new chairman of the Securities and Exchange Commission, observers say. If confirmed by the Senate, Cox would likely ease some requirements of the Sarbanes-Oxley Act.

Danni
<a class="jive-link-external" href="http://www.my-insurance-loans.com/" target="_newWindow">http://www.my-insurance-loans.com/</a>