June 9, 2005 4:00 AM PDT

Relief from Sarbanes-Oxley on the way?

For Tom Arnold and the information technology department at StorageTek, complying with the Sarbanes-Oxley Act has been expensive, confusing and never-ending.

The absence of clear guidance from government officials or auditing firms about the antifraud law has meant that IT personnel have felt compelled at times to go to extremes, said Arnold, who as corporate controller supervised the data storage company's efforts to abide by one of the law's key provisions, which took effect last year.

For example, the IT department at one point thought it needed to keep track of the previous 10 computer passwords used by StorageTek employees, rather than just the three archived by the company's business software. In addition, some argued the company--which is now being acquired by Sun Microsystems--required an electricity generator at its offices in Colorado so its computer systems would continue to run in the event of a power failure.


Eventually, StorageTek decided it could stick with the three previous passwords and skip the generator in favor of relying on copies of data stored off-site. Even so, the IT department spent more than $1 million and a fair amount of time to comply with the law commonly called "SOX."

It was "quite a bit of work," Arnold said. "Our IT department wanted to hold ourselves to a higher standard than SOX required in some cases."

StorageTek's IT department is among many finding it a challenge to abide by SOX, the corporate disclosure law passed by Congress in the wake of scandals such as the Enron debacle. Shifting interpretations of the law have been a problem, according to analyst John Hagerty at AMR Research.

New guidelines from regulators could make life easier on chief information officers and others minding IT shops. Even so, plenty of attention will be required to keep up with the law in the future, Hagerty argued. "SOX is not a project--it's an ongoing process," he said.

The Sarbanes-Oxley Act is part of a broader array of new regulations--another is the Health Insurance Portability and Accountability Act--that have come to affect corporations in recent years. Congress passed SOX in 2002 in order to "protect investors by improving the accuracy and reliability of corporate disclosures." A key portion of the law is Section 404. Thanks to it, publicly traded companies have to include in their annual reports a review of the company's internal control over financial reporting, and a related auditor's rundown.

An example of a control might be the process a company follows when it makes a change to its accounts-payable software. Testing the change before it is made part of the live, "production" system may be required, along with written approval by a manager.

Big public companies had to comply with Section 404 beginning Nov. 15. Smaller public companies will have to meet Section 404's requirements starting in July of next year.

IT departments are touched by this piece of SOX because the computer systems they oversee do such things as manage billing, accounting and financial reporting. In addition, IT operations frequently have sizable budgets and themselves are responsible for a significant chunk of a business' expenses.

But exactly what chief information officers need to do


2 comments

Benefits of SOX Frequently Overlooked
While compliance with SOX can be difficult and costly, many people are too quick to complain and fail to realize the operational efficiencies that SOX can create. Managers and directors have more control over their departments, and having an audit trail means that there is less likelihood that someone would be able to covertly affect the company's financials. Furthermore, some of the review processes that companies have implemented have enabled them to catch errors and security flaws much more quickly and correct them before they become a problem.

While people complain about regulations and guidance, let's understand that the purpose of this legislation was to rein in corporate governance and provide additional transparency so that the likelihood of a corporate implosion is significantly reduced.
Posted by jasonw3 (3 comments )
Cox
Many Maryland business officials would welcome U.S. Rep. Christopher Cox of California as new chairman of the Securities and Exchange Commission, observers say. If confirmed by the Senate, Cox would likely ease some requirements of the Sarbanes-Oxley Act.

Danni
http://www.my-insurance-loans.com/
Posted by ip_fresh (59 comments )