IT scrambles to meet Sarb-Ox controls deadline

Thomas Hoffman   Today’s Top Stories   or  Other Legislation/Regulation Stories  

Why SaaS is Vital to Email and Web Security Take Control! Managing Your Application Library The Advantages of Migrating to Windows Vista® and Office 2007 Simultaneously Gartner Paper: How IT Management can "Green" the Data Center Gartner Paper: US Data Centers - The Calm Before the Storm Should You Install Messaging Security Software on Your Exchange Server? SaaS Solutions for Remote Systems Management Learn-Fast Guide: Software as a Service is Growing Up Mobility @ the Speed of Business Sign up to receive Legislation/Regulation Resource Alerts

October 18, 2004 (Computerworld) -- IT departments at many large companies are racing to document, remediate and test IT-related controls to meet a year-end reporting deadline for Sarbanes-Oxley compliance.

The rush is on because many companies failed to grasp the amount of work that would be required and because of miscommunication between IT managers and the finance departments that typically run Sarbanes-Oxley Act compliance projects, according to users and analysts who were interviewed last week.

"What I've seen is a 'Let's drop everything and get this done' approach on dealing with IT controls from the second quarter until now," said John Hagerty, an analyst at AMR Research Inc. in Boston.

Hagerty and several other analysts and consultants said they expect that most companies that need to show Sarb-Ox compliance by year's end will get the bulk of their IT controls documented and tested in time. But some analysts predicted that in annual 10-K reports early next year, as many as 25% of the so-called accelerated filers will have to report controls-related exceptions that require additional remediation. Depending on the severity of the problems, companies could be fined by the U.S. Securities and Exchange Commission.

Todd Naughton, vice president and controller at Zebra Technologies Corp., said the Vernon Hills, Ill.-based supplier of printer components "really just started looking" at general IT controls within the past three months.

For the past year, Zebra has focused on documenting, remediating and testing application-level controls throughout the organization, including mapping defined job roles to the system access levels they require, said Richard Jaszka, the company's internal audit manager.

"That said, we're concerned about our ability to meet the Section 404 requirements of Sarbanes-Oxley for the other IT controls," said Jaszka. For example, although Zebra has documented policies for key areas such as change management, systems development and mission-critical computer operations, "it will be a challenge to properly test these controls and address any necessary remedies by year-end," Jaszka said.

He added that regulators haven't specified which IT controls need to be documented and tested.

Compliance Gap

Stan Lepeak, an analyst at Meta Group Inc., said he wouldn't be surprised if 25% of accelerated filers are found to have inadequate controls. He based his estimate on several factors, including discussions with clients, Sarbanes-Oxley readiness surveys conducted with client firms, and concerns expressed by customers who outsource IT that service providers won't be able to document the IT controls in time.

"It really depends on how strict external auditors will be in determining what are material weaknesses or deficiencies in controls and what aren't," said Lepeak.

Herman Miller Inc., a Zeeland, Mich.-based maker of office furniture, decided this past spring to adopt a set of guidelines for evaluating IT controls called Control Objectives for Information and Related Technologies, or Cobit, created by the IT Governance Institute and the Information Systems Audit and Control Association, both of which are based in Rolling Meadows, Ill., said Rich Russell, director of application development.

Continued...
1 | 2 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

Sidebar: Later Timetable Gives Some Filers More Wiggle Room

IT scrambles to meet Sarb-Ox controls deadline

"That the feds appear to be somewhat overzealous in prosecuting a software company for "trading with the enemy" may have..." Read more... "Recent developments regarding human bird flu deaths put the archipelago nation (and H5N1) back into play...." Read more... Read more Government & Regulation posts or See all Blogs

Microsoft: We'll help other vendors find, fix their bugs Free Windows XP tuneup: Put new life into an old workhorse Politics 2.0 heats up traditional summer doldrums Judge rejects student visa injunction sought by H-1B opponents Kaminsky: Many ways to attack with DNS TSA relaxes laptop screening rules this month Road-warrior conundrum: Laptop or handheld? First responders get more emergency communications options $12 Indian 'TV computer' a knockoff of '80s Nintendo system, not Apple II Jobs shakes up Apple management over MobileMe debacle More top stories...

Russian hacker gang steals with impunity, says researcher Microsoft promises 12 patches next week Credit card thieves ran a polite, professional help desk Bet on it: Employee wagers help companies predict the future Massive faux-CNN spam blitz uses legit sites to deliver fake Flash Search closing in on e-mail as most popular online activity, report says At LinuxWorld, problem-solvers hunt open-source solutions SQL Server 2008's future 'cloudy' as Microsoft releases new database Missing Registered Traveler laptop found New Google tool aims to provide more insight into online searches

5 ways the iPhone 3G still lags enterprise-wise Step away from the hype: The gadget known in some quarters as the Second Coming is distinctly mortal on five significant fronts. Eric Lai and Matt Hamblen have the details. Six stupid budget tricks Don't miss our list of dumb but common monetary mistakes IT leaders make — and how to avoid them. Rumor: MacBook updates to include glass trackpad, other goodies Blogger Seth Weintraub has been hearing some interesting things about Apple's upcoming line of portable computers. Study: IT jobs will drop in 2009 CIOs plan sharp reductions in contract staff, professional services and hardware, and almost no investment in cloud computing, according to a Goldman Sachs survey. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland Security Apple's iPhone Ask a Premier 100 IT Leader Bill Gates steps down BlackBerry Legal Battle Data Security Breaches Electronic Voting Firefox H-1B Visas HP's Boardroom Scandal Handheld Devices Hurricane Katrina Aftermath Microsoft Legal Issues Microsoft's Vista Open Source RFID Technology SCO's Linux Fight Sarbanes-Oxley Act Spam Voice Over IP Wi-Fi Windows Meta File Vulnerability Windows XP Service Pack 3 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class 2006 Computerworld Horizon Awards 2006 Premier 100 IT Leaders 2006 Salary Survey 2007 Best Places to Work in IT 2007 IT Forecast 2007 Premier 100 IT Leaders 40 Years of Computerworld ASPs, Take Two Best Places to Work in IT 2003 Best Places to Work in IT 2004 Best Places to Work in IT 2005 Best Places to Work in IT 2006 Business Intelligence Home Runs Business Intelligence: Smarter BI Business Intelligence: The Future of BI CRM Goes Vertical CRM: Sober CRM Career Planning Guide 2005 Careers: IT Profession 2010 Computerworld Horizon Awards 2005 Data Management: Mining for Gems Data Management: Taming Data Chaos Development: Hard-Workin' Web Sites Development: New Tools New Choices Development: The New World of Application Development Development: The Web Services Tsunami Development: Web Services Hurdles Disaster Recovery: Preparing for the Worst E-commerce Grows Up E-mail/Groupware: Big Decisions Faces of Mobile IT Forecast 2006 Global Mobile Hardware: Multiple Cores, Multiple Challenges Hardware: On-Demand Un-Hyped Hardware: The Shape of Things to Come Horizon Awards: 10 Cool Cutting Edge Technologies IT Management: Guide to Managing Vendors IT Management: Navigating Global IT IT Management: Recovery Ahead IT Management: The Future of IT IT Management: The Resourceful Project Manager Innovative Technology Awards 2004 Management: Reinventing IT Microsoft in Transition Mobile/Wireless Leaders and Laggards Mobile/Wireless: The Untethered Worker Mobile/Wireless: Tiny Gadgets, Huge Costs Network Management: Taking Control Networking: Turbulence Ahead! Networking: VoIP Goes Mainstream Operating Systems: In the Slow Lane Operating Systems: Linux Goes Global Operating Systems: Should You Nix Unix? Outsourcing: Offshore Buyer's Guide Outsourcing: Outsourcing Dangers Premier 100 IT Leaders 2004 Best in Class Premier 100 IT Leaders 2005 Best in Class ROI: Do the Math! Salary Survey 2003 Salary Survey 2004 Salary Survey 2005 Security Action Plan Security: Compliance Headaches Security: Proactive Security Security: Risk and Reward Security: Tips From Security Pros Souped-up Security Storage: Battling Complexity Storage: Cheap & Secure Data Stores Storage: Stretching Your Storage Dollars Storage: The Lean Storage Machine Storage: The New Rules of Storage Storage: The Ultimate Backup Guide Supply Chain: Missing Links Supply Chain: RFID Reality Check The Business of Security Web 2.0 Security Wireless: Wireless At Work All Zones Application Performance Zone Business Continuity Zone Data Center Management Zone Enterprise-Class Security Zone The File Data Management Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone Business Intelligence and Analytics Zone Identity & Security Management Zone See your link here

Computerworld Executive Briefing: The Compliance Era Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign. The new Computerworld report, The Compliance Era, explains why regulatory compliance has zoomed to the top of the IT agenda and shows how real-world IT executives are dealing with the storage, security and privacy challenges. Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign. Download this executive briefing  Long Tail Supplier Collaboration - What's In It For You? Long Tail Supplier Collaboration - What's In It For You? Download this webcast, free, compliments of Sterling Commerce Go to the webcast  Web Security SaaS: The Next Generation of Web Security Download this whitepaper, free for a limited time, compliments of Webroot Software! (Source: Webroot Software) The Web is the new threat vector of choice for hackers and cybercriminals to distribute malware and perpetrate identity theft, financial fraud, and corporate espionage. This paper outlines the challenges facing many SMBs and provides solutions for overall security effectiveness and reducing the burden on IT departments. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Archiving Compliance with Sunbelt Exchange Archiver The Impact of Messaging and Web Threats Web Security SaaS: The Next Generation of Web Security View more whitepapers

• Sidebar: Later Timetable Gives Some Filers More Wiggle Room
• IT scrambles to meet Sarb-Ox controls deadline

• Microsoft: We'll help other vendors find, fix their bugs
• Russian hacker gang steals with impunity, says researcher
• Free Windows XP tuneup: Put new life into an old workhorse
• More top stories 

Since You Asked A weekly storage column from storage analyst, Steve Duplessie of the Enterprise Strategy Group Click here to read the latest column by Steve Duplessie

Eliminate SPAM, Gain Productivity Learn all about the dangers and the costs of spam in all its forms – from stock-touting to spreadsheet. Also, understand the drawbacks of traditional hardware- and software-based defenses – and the unique benefits of MessageLabs multi-layered, managed Anti-Spam solution; as illustrated by a real-world case study where MessageLabs stopped spam cold. Download this white paper now!  See more Whitepapers

The Spy Files For Congress to do anything that helps protect consumers and the critical Internet infrastructure as a whole, it must pass laws that require proactive processes to protect computers, not that tell people how to deal with the resulting mess, says Ira Winkler. Click here to read the latest column by Ira Winkler

Customer Satisfaction with Email Archiving Systems Osterman Research conducted a primary survey asking organizations about a variety of archiving systems to understand the level of satisfaction that customers of Sunbelt Exchange Archiver (SEA) and other email archiving offerings report on a variety of metrics related to product and vendor performance. Download this white paper now!