Finance Law May Force IT System Overhauls

Sign up to receive Security Resource Alerts

April 14, 2003 (Computerworld) -- The Sarbanes-Oxley Act, the U.S. government's attempt to bring honesty, clarity and speed to corporate financial reporting, may ultimately require costly overhauls of budgeting, reporting and decision-support systems.

But much remains unclear about the potential impact of the law, which was passed last summer. Even companies whose systems appear to comply with the act are uncertain as to exactly what some provisions mean and when they must comply with the requirements, according to recent interviews with IT and business executives.

The uncertainty stems from the fact that the Securities and Exchange Commission is still fleshing out the details of the law through a series of proposed rules. Moreover, the SEC has delegated some regulatory tasks to other organizations, such as stock exchanges, and they have yet to act.

But the combined weight of Sarbanes-Oxley and other new regulations is expected to result in major systems changes at some companies. "We're looking at a whole series of governance and compliance issues related to IT for Sarbanes-Oxley," said David Klementz, chief financial officer at Progress Rail Services Corp. in Albertville, Ala.

Irving Tyler, CIO at Quaker Chemical Corp.

For example, the act requires CEOs and chief financial officers to attest that annual and quarterly financial reports contain no material errors or omissions.

Jonathan Karpoff, a finance professor at the University of Washington in Seattle, said executives whose necks are now on the line at report-signing time will demand systems that are more timely and accurate. "What I'm hearing quite a bit is that firms can use Sarbanes-Oxley as an impetus to completely overhaul their control, monitoring and reporting processes," Karpoff said.

That's what's going on at Progress Rail. The supplier of railway products and services recently scrapped a combination of manual procedures and spreadsheets for consolidating the books of its subsidiaries and installed a set of financial-data integration and analysis software from SAS Institute Inc. in Cary, N.C.

Progress Rail is also using SAS Balanced Scorecard, a tool that gives Klementz near-real-time financial-performance metrics. That could tip him off to business problems that might otherwise go undetected until a quarterly audit is done, he said.

Those steps, which cost about $500,000, are just the beginning. Klementz said Sarbanes-Oxley and other new SEC regulations are prompting Progress Rail to do a top-to-bottom examination of other systems that can affect its financial results, such as inventory control. In addition, the company faces higher labor costs.

"We're greatly increasing IT staff in order to make sure I'm comfortable that systems and controls are in place," Klementz said, adding that he's also hiring IT and regulatory-compliance consultants.

Another key provision in Sarbanes-Oxley stipulates that outside auditors must examine and verify the effectiveness of a company's internal financial controls. "Some aspects of that are typical [information systems issues], such as access controls, and we'll have to look at those things a little more strenuously," said Irving Tyler, CIO at Quaker Chemical Corp. in Conshohocken, Pa.

Tyler warned other IT managers to brace themselves for tough requests from auditors. "I remember an auditor once recommending that we have 28-digit alphanumeric passwords that changed monthly," he said. "Things like that, which maybe in the past you decided not to pursue because you didn't see the justification, you might have to be more aware of now."

Some companies hope to avoid many compliance problems by outsourcing management of the issue. Hibernia Corp. in New Orleans outsources all of its core financial systems. David Harrison, the bank's audit director, said he's relying on the outsourcer's legal staff to ensure that the systems comply with laws like Sarbanes-Oxley.

But Harrison acknowledged that the new law raises questions he has to deal with, such as how to satisfy a requirement that corporate whistle-blowers be able to communicate confidentially with the company's audit committee. "I could set up telephone reporting or intranet reporting, but employees may feel that neither of these provides sufficient privacy," he said. "We haven't decided one way or the other."

Potential IT Implications

The Sarbanes-Oxley Act Section 103: Your auditor must (and therefore, you should) maintain all audit-related records, including electronic ones, for seven years. Effective now. Section 201: Firms that audit your company's books can no longer also provide you with IT-related services. Effective now. Section 301: You must provide systems or procedures that let whistle-blowers communicate confidentially with your company's audit committee. No effective date set. Section 302: Your CEO and CFO must sign statements verifying the completeness and accuracy of financial reports. Effective now. Section 404: CEOs, CFOs and outside auditors must attest to the effectiveness of internal controls for financial reporting. No date set. Section 409: Companies must report material changes in their financial conditions "on a rapid and current basis." The act calls it "real-time disclosure" but doesn't define what that means. No date set.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

Finance Law May Force IT System Overhauls Sarbanes-Oxley Requirements Put Legal Onus on CIOs

"One presidential candidate publishes his views on technology and the other doesn't. But does it really matter?..." Read more... "My colleague Mike Elgan points out in his blog that..." Read more... Read more Government & Regulation posts or See all Blogs

Google gives away home-cooked Web application security scanner Microsoft trumpets security additions in upcoming IE8 Apple cuts price of high-end SSD MacBook Air by $500 More top stories...

Ultrathin showdown: Apple MacBook Air vs. Lenovo ThinkPad X300 vs. Toshiba Portege R500 Best Places to Work 2008 Storm botnet stages Fourth of July attacks

This old laptop: Revitalizing an aging notebook on the cheap All it takes is a couple hours and about $125 to breathe new life into an old laptop. Here's how. Bill Gates moves on Is Microsoft's Golden Age over? What are Gates' most memorable quotes? Find out in Computerworld's complete coverage of the end of the Bill Gates era at Microsoft. Five things you should never tell your boss There are some things your CIO definitely doesn't want to hear. Also don't miss the flipside, Five things you should always tell your boss. Hands-On: Firefox 3 fixes what's broke and keeps what's right With its latest version, Mozilla's browser continues to raise the bar for what Web browsers should be. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 3 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Business Continuity Zone Data Center Management Zone Enterprise-Class Security Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone Business Intelligence and Analytics Zone See your link here

Computerworld Executive Briefing: The Compliance Era Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign. The new Computerworld report, The Compliance Era, explains why regulatory compliance has zoomed to the top of the IT agenda and shows how real-world IT executives are dealing with the storage, security and privacy challenges. Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign. Download this executive briefing  Long Tail Supplier Collaboration - What's In It For You? Long Tail Supplier Collaboration - What's In It For You? Download this webcast, free, compliments of Sterling Commerce Go to the webcast  Web Security SaaS: The Next Generation of Web Security Download this whitepaper, free for a limited time, compliments of Webroot Software. (Source: Webroot Software) The Web is the new threat vector of choice for hackers and cybercriminals to distribute malware and perpetrate identity theft, financial fraud, and corporate espionage. This paper outlines the challenges facing many SMBs and provides solutions for overall security effectiveness and reducing the burden on IT departments. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Deploying Virtualized NetWare on Linux Whitepaper Toward More Flexible, Next-Generation Collaboration Solutions Driving Business Success Through Workgroup Choice and Flexibility View more whitepapers

• Finance Law May Force IT System Overhauls
• Sarbanes-Oxley Requirements Put Legal Onus on CIOs

• Google gives away home-cooked Web application security scanner
• Microsoft trumpets security additions in upcoming IE8
• Apple cuts price of high-end SSD MacBook Air by $500
• More top stories 

Since You Asked A weekly storage column from storage analyst, Steve Duplessie of the Enterprise Strategy Group Click here to read the latest column by Steve Duplessie

Eliminate SPAM, Gain Productivity Learn all about the dangers and the costs of spam in all its forms – from stock-touting to spreadsheet. Also, understand the drawbacks of traditional hardware- and software-based defenses – and the unique benefits of MessageLabs multi-layered, managed Anti-Spam solution; as illustrated by a real-world case study where MessageLabs stopped spam cold. Download this white paper now!  See more Whitepapers

The Spy Files For Congress to do anything that helps protect consumers and the critical Internet infrastructure as a whole, it must pass laws that require proactive processes to protect computers, not that tell people how to deal with the resulting mess, says Ira Winkler. Click here to read the latest column by Ira Winkler

Understand Messaging Archiving Email storage is growing at an average rate of 35% annually - three out of five decision makers cite the growth of messaging storage as their leading messaging-related problem. This Osterman Research white paper discusses the several reasons to implement a messaging archiving system and provide an overview of Sunbelt Software's offering focused squarely on the archiving space. Download this white paper now!