IT execs see higher spending because of Sarb-Ox rules

Computerworld - ORLANDO -- The Sarbanes-Oxley Act has increased IT spending for most companies, but firms that have built processes to handle compliance issues may be better equipped to meet any new federal regulatory burdens, according to IT executives at Gartner Inc.'s ITxpo here.
Compliance burdens posed by Sarbanes-Oxley have proved costly for IT, according to Gartner, which estimates that the federal requirements have raised IT spending in areas such as records management, increased security, and tools and new IT processes needed to ensure accuracy of financial records.
For Eaton Corp., a manufacturer of electrical components, regulatory compliance issues have boosted IT spending by about 1%, or about $3 million. The company spends about $300 million on IT each year, according to Robert Sell, vice president and CIO at the Cleveland-based company.
Citing state and federal lawmaker interest in the privacy issues, Gartner analyst John Bace said it's possible that California's privacy law -- which requires customer notification in the event of a breach of personal information -- may yet result in a new federal privacy law with Sarbanes-Oxley-like auditing requirements.
If that happens, Sell said his strategy will be to leverage processes that were set up to ensure Sarbanes-Oxley compliance. Sell, who served on a panel with other senior IT executives, now has one office managing IT issues associated with that law in addition to intellectual property protection and privacy issues. "We are going to leverage the people and resources across those disciplines," he said.
Other IT executives agreed that the corporate response needed for Sarbanes-Oxley compliance is giving companies the organizational, governance and educational framework they may need to deal with future compliance issues.
Gint Dargis, vice president and CIO at Richardson Electronics Ltd. in LaFox, Ill., said his firm has the ability "to scope out what's the impact to the company" if any new requirements arrive,
Moreover, regulations "are coming together -- these things are not going apart," said Jim Magliano, senior IS director at West Pharmaceutical Services Inc. in Lionville, Pa. Magliano said many of the requirements that apply to Sarbanes-Oxley also involve health regulatory-related issues, such as the Health Insurance Portability and Accountability Act.
The one thing companies can't do is treat the regulatory requirements lightly, warned panel members.
From a corporate board perspective, it's important to ensure that top executives take compliance "seriously enough," said Ken Coleman, chairman and CEO of ITM Software Corp., a business management tools company based in Mountain View, Calif. He said there is a tendency in management not to devote enoughstaff to a problem.
"This is superimportant," said Coleman. "The consequences are significant."
But Sell also said that helping a company meet its regulatory requirements is something IT leaders should step up to. "What a great opportunity -- especially for people in IT -- to demonstrate some IT leadership," he said.