
Sarbanes-Oxley: Another Y2K?
Information Technology Trends for 2004 and Beyond


Charlie Cox,
Vice President/Sales & Marketing,
Datatrend Technologies, Inc.

 

Is Sarbanes-Oxley (SOX) having a similar impact on IT trends as Y2K? Yes and no. Yes, it will have a significant long-term impact on IT environments and the management of information; but no, it will not trigger the flurry of infrastructure purchases that the technology industry experienced leading up to the year 2000. Unlike with Y2K, there is no magic end date in sight. Rather, SOX will generate IT-related activity as an ongoing and routine part of doing business for years to come.

However, like Y2K, there is a real sense of urgency given key deadlines established by this legislation.  As reported by the IT Governance Institute, Sarbanes-Oxley is the most significant piece of business legislation in the last fifty years. “The clock is ticking on compliance, and any delays in dealing with the issue may have serious consequences.”  While every company believes in the concept of good corporate governance practices, there is no longer any option…it is now the law.

Full compliance and the associated controls must be in place by June 2004 for Section 404, and CIOs will have to develop a compliance plan to address IT controls.  Specifically, CIOs must become intimately familiar with Sections 302 and 404 of the Act in order to develop a framework for managing their IT environment.  Every aspect of the IT environment is impacted – all of the systems, data and infrastructure components that support the financial reporting process.

While the IT professionals I have spoken with are aware of and are taking steps to address compliance with Sarbanes-Oxley, in general, they have underestimated the challenge.  There is no doubt that, as companies assess their current environment, they will investigate and invest in applications that will facilitate compliance and dramatically improve controls and reporting.   Additionally, given the need for storing/archiving data, there will be a continuing evaluation of the adequacy of current storage environments. This may or may not lead to storage server sales, but it will invariably drive the purchase and implementation of storage management tools.  These tools will allow companies to fully understand their storage environments at a granular level and to determine precisely how much incremental storage they may or may not need going forward.

However, the primary trend will be in software purchases and the implementation of new applications. Meta Group analyst John Van Decker forecasts that business intelligence (BI), data warehouse, EDI, business performance management (BPM), financial tools, content management and portal applications will all see “lots of purchases.” This is commensurately driving the need for related services to implement and integrate these applications.

Complying with Section 404 means that your company must provide an annual assessment as to the effectiveness of internal controls in financial reporting and obtain attestation from external auditors that the controls are effective.  Many of the application solutions are effective tools in achieving compliance, but the challenge is likely to be far more daunting for most companies.

For example, the current financial reporting environment is dominated by MS Excel documents, a scary thought in itself. These documents are both directly and indirectly associated with SEC-required filings (e.g., 10-Ks, 10-Qs, annual reports) and must be managed with appropriate controls in place to ensure their integrity (they cannot be altered or changed in any way). The burden of implementing these controls will stretch already thin IT staffs, as well as challenge internal capabilities in general. If a company does not have in place a viable data warehouse or data mart solution as a consistent repository for the data needed for financial management reporting, it will be even more difficult to be in compliance.

All of this will drive a continuing trend for companies to engage service and solution providers who can both counsel them on and architect best practice solutions.  Companies’ needs for experts in business performance management partnering with the right application and storage specialists will continue to grow and fuel this segment of the vendor community for the foreseeable future.

CIOs need to take a look in the mirror and ask the hard questions about their IT environments and the ability of that environment to support the compliance requirements imposed on their companies by SOX. Cohasset Associates, a leading record retention management firm, aptly described the concept of “corporate Alzheimer’s,” referring to current document/records management practices at most companies. In other words, I know that I saved (stored) it, I just can’t find it. With the volume of electronic records growing at an annual rate of over 50%, this problem of not only storing, but also knowing what you have and, most importantly, being able to retrieve it on demand, is significant.

There are clearly many pieces to the puzzle of achieving and maintaining SOX compliance, and IT will play perhaps the most critical role. There is no silver bullet solution. IT organizations, if they haven’t already, must realistically assess their current environment and identify the inevitable gaps. The trend is clear: existing and new applications, storage infrastructure, and service providers who understand how to implement and integrate these solutions will be in high demand.


Datatrend's TrendSetter eNewsletter
January 15, 2004