Computerworld
Quick Menu
Search



Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

IT scrambles to meet Sarb-Ox controls deadline

Slow starts, miscommunication put companies under the gun on the mandates
 

Sign up to receive Legislation/Regulation Resource Alerts

October 18, 2004 (Computerworld) -- IT departments at many large companies are racing to document, remediate and test IT-related controls to meet a year-end reporting deadline for Sarbanes-Oxley compliance.


The rush is on because many companies failed to grasp the amount of work that would be required and because of miscommunication between IT managers and the finance departments that typically run Sarbanes-Oxley Act compliance projects, according to users and analysts who were interviewed last week.


"What I've seen is a 'Let's drop everything and get this done' approach on dealing with IT controls from the second quarter until now," said John Hagerty, an analyst at AMR Research Inc. in Boston.


Hagerty and several other analysts and consultants said they expect that most companies that need to show Sarb-Ox compliance by year's end will get the bulk of their IT controls documented and tested in time. But some analysts predicted that in annual 10-K reports early next year, as many as 25% of the so-called accelerated filers will have to report controls-related exceptions that require additional remediation. Depending on the severity of the problems, companies could be fined by the U.S. Securities and Exchange Commission.


Todd Naughton, vice president and controller at Zebra Technologies Corp., said the Vernon Hills, Ill.-based supplier of printer components "really just started looking" at general IT controls within the past three months.


For the past year, Zebra has focused on documenting, remediating and testing application-level controls throughout the organization, including mapping defined job roles to the system access levels they require, said Richard Jaszka, the company's internal audit manager.


"That said, we're concerned about our ability to meet the Section 404 requirements of Sarbanes-Oxley for the other IT controls," said Jaszka. For example, although Zebra has documented policies for key areas such as change management, systems development and mission-critical computer operations, "it will be a challenge to properly test these controls and address any necessary remedies by year-end," Jaszka said.


He added that regulators haven't specified which IT controls need to be documented and tested.


Compliance Gap


Stan Lepeak, an analyst at Meta Group Inc., said he wouldn't be surprised if 25% of accelerated filers are found to have inadequate controls. He based his estimate on several factors, including discussions with clients, Sarbanes-Oxley readiness surveys conducted with client firms, and concerns expressed by customers who outsource IT that service providers won't be able to document the IT controls in time.


"It really depends on how strict external auditors will be in determining what are material weaknesses or deficiencies in controls and what aren't," said Lepeak.


Herman Miller Inc., a Zeeland, Mich.-based maker of office furniture, decided this past spring to adopt a set of guidelines for evaluating IT controls called Control Objectives for Information and Related Technologies, or Cobit, created by the IT Governance Institute and the Information Systems Audit and Control Association, both of which are based in Rolling Meadows, Ill., said Rich Russell, director of application development.

Continued...
1 | 2 | NEXT  



Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story
Sidebar: Later Timetable Gives Some Filers More Wiggle Room
IT scrambles to meet Sarb-Ox controls deadline
"That the feds appear to be somewhat overzealous in prosecuting a software company for "trading with the enemy" may have..." Read more...
"Recent developments regarding human bird flu deaths put the archipelago nation (and H5N1) back into play...." Read more...
Read more Government & Regulation posts or See all Blogs
Microsoft: We'll help other vendors find, fix their bugs
Free Windows XP tuneup: Put new life into an old workhorse
Politics 2.0 heats up traditional summer doldrums
Judge rejects student visa injunction sought by H-1B opponents
Kaminsky: Many ways to attack with DNS
TSA relaxes laptop screening rules this month
Road-warrior conundrum: Laptop or handheld?
First responders get more emergency communications options
$12 Indian 'TV computer' a knockoff of '80s Nintendo system, not Apple II
Jobs shakes up Apple management over MobileMe debacle
More top stories...
Russian hacker gang steals with impunity, says researcher
Microsoft promises 12 patches next week
Credit card thieves ran a polite, professional help desk
Bet on it: Employee wagers help companies predict the future
Massive faux-CNN spam blitz uses legit sites to deliver fake Flash
Search closing in on e-mail as most popular online activity, report says
At LinuxWorld, problem-solvers hunt open-source solutions
SQL Server 2008's future 'cloudy' as Microsoft releases new database
Missing Registered Traveler laptop found
New Google tool aims to provide more insight into online searches
Step away from the hype: The gadget known in some quarters as the Second Coming is distinctly mortal on five significant fronts. Eric Lai and Matt Hamblen have the details.
Don't miss our list of dumb but common monetary mistakes IT leaders make — and how to avoid them.
Blogger Seth Weintraub has been hearing some interesting things about Apple's upcoming line of portable computers.
CIOs plan sharp reductions in contract staff, professional services and hardware, and almost no investment in cloud computing, according to a Goldman Sachs survey.
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Business Continuity Zone
Data Center Management Zone
Enterprise-Class Security Zone
The File Data Management Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Storage Virtualization Zone
Business Intelligence and Analytics Zone
Identity & Security Management Zone

Ads by TechWords

See your link here
Computerworld Executive Briefing: The Compliance Era
Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign.
The new Computerworld report, The Compliance Era, explains why regulatory compliance has zoomed to the top of the IT agenda and shows how real-world IT executives are dealing with the storage, security and privacy challenges. Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign.
Download this executive briefing download
Long Tail Supplier Collaboration - What's In It For You?
Long Tail Supplier Collaboration - What's In It For You?
Download this webcast, free, compliments of Sterling Commerce
Go to the webcast 
Web Security SaaS: The Next Generation of Web Security
Download this whitepaper, free for a limited time, compliments of Webroot Software!
(Source: Webroot Software) The Web is the new threat vector of choice for hackers and cybercriminals to distribute malware and perpetrate identity theft, financial fraud, and corporate espionage. This paper outlines the challenges facing many SMBs and provides solutions for overall security effectiveness and reducing the burden on IT departments.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Archiving Compliance with Sunbelt Exchange Archiver
The Impact of Messaging and Web Threats
Web Security SaaS: The Next Generation of Web Security
View more whitepapers