The Real Value in Sarbanes-Oxley

Kathleen Melymuka   Today’s Top Stories    or  Other Management Stories  

Enhancing Business Mobility with Convertible PCs HP's Virtualization: HP's Remote Client Solutions Webinar Six Support Issues That Keep Execs Awake at Night The Power of Pen Case Study: St. Clare's Hospital Computerworld Technology Briefing: Meetings @ the Speed of Business Case Study: Trinity Health Care Sign up to receive Security Resource Alerts

April 10, 2006 (Computerworld) -- Fear can be a powerful generator of upstanding conduct, say Stephen Wagner and Lee Dittmar. But business runs on discovering and creating value. In this month's Harvard Business Review, the co-authors discuss how smart companies are finding unexpected benefits in Sarbanes-Oxley compliance. Wagner, who is the managing partner of the U.S. Center for Corporate Governance at Deloitte & Touche, and Dittmar, who leads the enterprise governance consulting practice at Deloitte Consulting and co-leads its Sarbanes-Oxley practice, talked with Kathleen Melymuka about how your company can use compliance requirements to its advantage.

What were some of the big control gaps that early Sarbanes-Oxley compliance efforts uncovered?

WAGNER: One of requirements of internal controls is maintenance of records in reasonable detail that reflect transactions. We found [that] in many instances, control documentation was way behind or didn't exist. A second issue was "tone at the top" -- the communication that comes out of the boardroom and the CEO suite that sets the stage for the organization, including how it deals with ethical standards. We found that there was often very little communication across organizations around the importance of maintaining good controls. In some cases we found duplication of control activities that created inefficiency and less-than-effective controls. Lastly, we ran into the notion of unnecessary complexity in the extreme. Many companies are far more complicated than they need to be. In the IT area in particular, there was duplication of systems, multiple instances of ERP -- one division of a company had 200 financial accounting systems.

DITTMAR: And organizations didn't know what their control programs consisted of. They knew they had them, but as one told me, it was "kind of tribal." There was no consistency in how they did it. We found uncontrolled access to systems that are important to maintaining the integrity of financial reporting. I got a call from a CIO who said, "I've got hundreds of systems and 700 to 800 people who have access all the way to the database level. How can I control that?" This is an extreme example, but it was pervasive. Systems were designed for speed, not for controls. There were also a lot of challenges around security and change management. When we asked about change management processes, many companies said, "Which ones? For this system or this system?"

Continued...
1 | 2 | 3 | 4 | 5 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"A marketing war over energy isn't a bad thing...." Read more... "One of the most worthwhile things we do around here is strive to recognize the contributions made by dedicated IT..." Read more... Read more Management posts or See all Blogs

Tools circulate that crack Debian, Ubuntu keys Former Microsoft manager offers free fix for XP SP3 'endless reboot' Can Icahn take on the Yahoo board and win? More top stories...

DNS trouble knocks NSA off Internet Developers confirm, explain why they're avoiding Windows Vista NASA moves to save computers from swarming ants

Shuttle Columbia's hard drive data recovered from crash site Specialists have retrieved about 99% of the data on a disk drive on board the crashed space shuttle Columbia. Don't miss the photographs of the recovered drive. The top 15 vaporware products of all time These big ideas were supposed to revolutionize technology, but they never actually appeared. In a few cases, you'll be glad they didn't. Opinion: Malware vs. anti-malware, 20 years into the fray Nearly 20 years after the first Internet worm, Steven J. Vaughan-Nichols takes stock of the malware/anti-malware landscape and spotlights how the two sides are approaching the battle. Leopard at six months: Does it live up to the early hype? Though some thought it was released too soon, Mac OS X 10.5 has matured into a solid operating system, says reviewer Michael DeAgonia. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 2 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone See your link here

HP's Virtualization: HP's Remote Client Solutions Webinar HP's Virtualization: HP's Remote Client Solutions Webinar View this webcast! Go to the webcast  Computerworld Report: Storage Gets Strategic Download this Computerworld Report, free, compliments of HP. (Source: Computerworld) Data Storage has emerged from the back room to become a key part of regulatory compliance, disaster recovery and strategic tecnhology plans. Learn more in this new this Computerworld report, a $49.95 value, available free for a limited time, compliments of HP. Download this executive briefing  Does collaboration drive business success? Get this white paper now! (Source: Microsoft Office Live Meeting) Collaboration occurs at the intersection of an enterprise's technology and culture. Discover how these two critical factors affect the quality of collaboration in Meetings Around the World: The Impact of Collaboration on Business Performance. You'll learn why enterprises need to work collaboratively - and examine how collaboration impacts business success. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Six Support Issues That Keep Execs Awake at Night Spam Spikes: A Real Risk to Your Business The New Foundation of Storage: Xiotech's Intelligent Storage Element View more whitepapers

• Tools circulate that crack Debian, Ubuntu keys
• Former Microsoft manager offers free fix for XP SP3 'endless reboot'
• Can Icahn take on the Yahoo board and win?
• More top stories 

• Seth Weintraub: Vodafone building TV service for 3G iPhone?

• FAQ: Windows XP SP3 reboot hell (and how to get out of it)

• Review: Which 3G network is the best?

Read more news 



• Even in this day and age

• Data recovery from Columbia

Read more Shark Bait 


Monitoring Costs and Benefits - an excerpt from the book "IT Success" Monitor IT costs and business benefits. Learn how to conduct an accurate cost-benefit analysis across the entire application life cycle--and gain an understanding on how to better communicate the value of IT. Read this excerpt from "IT Success!" Download this white paper



Is Your Company a Great Place to Work? Our annual survey recognizes top employers that offer satisfying and challenging work environments for their IT staffs. Nominate a company here. See the 2007 Best Places to Work in IT report



Enhancing Business Mobility with Convertible PCs For years Pen enabled computing devices have enjoyed great success and acceptance in highly vertical industries like delivery services, auditing and POS. The primary limitations of early pen computing devices, which were the hurdles to early mainstream adoption, were the power limitations of the devices, no stable OS environment for application development, and the lack of a keyboard for traditional input. Now, with the availability of Windows XP Tablet PC edition and Vista, which are both Pen Enabled operating systems, the flexibility afforded by dual function convertible notebooks and a host of 3rd party applications, Pen Computing has expanded into areas like healthcare, insurance, education, retail, and sales force automation. What used to be strictly vertical has now caught on as a preferred alternative to standard notebooks. Is now the right time for you to consider pen computing? Tune in to find out what these amazing mobile devices can do to simplify tasks, expand the utility of a traditional notebook, and increase the ROI of traditional notebook computing. Listen to this podcast now