Sarbanes-Oxley Adds to IT Costs But Pushes Companies to Prepare

Computerworld - ORLANDO -- Compliance burdens posed by the Sarbanes-Oxley Act are proving to be costly for many IT departments, according to Gartner Inc. But companies may be better equipped to meet any new federal regulations thanks to the processes they have developed for complying with the law, IT executives said here last week.
Gartner estimates that the government's Sarbanes-Oxley mandates have led to an average increase of 3.3% in corporate IT costs. The financial reporting law has spurred increased spending in areas such as records management and security, as well as purchases of new tools needed to ensure the accuracy of financial data, the firm says.
At Eaton Corp., a Cleveland-based maker of hydraulic systems, factory automation devices and other industrial products, regulatory compliance issues have boosted IT spending by about 1%, or $3 million, according to CIO Robert Sell.
But Sell, who took part in a panel discussion at Gartner's Symposium/ITxpo 2005 conference here, added that if new federal regulations emerge, his strategy will be to rely on the same processes that Eaton set up to ensure Sarbanes-Oxley compliance. He now has one office that manages the IT issues associated with the law in addition to intellectual property protection and data privacy. "We are going to leverage the people and resources across those disciplines," Sell said.
Other IT managers agreed that the corporate response needed for complying with Sarbanes-Oxley is providing organizational, governance and educational frameworks that should help them to deal with compliance in the future.
Gint Dargis, CIO at Richardson Electronics Ltd. in LaFox, Ill., said the maker of radio-frequency and wireless components now has the ability "to scope out the impact to the company" if new mandates materialize.
Moreover, regulations "are coming together -- these things are not going apart," said Jim Magliano, senior information systems director at West Pharmaceutical Services Inc., a Lionville, Pa.-based company that makes components for syringes, IVs and other medical devices. To illustrate his point, Magliano said that many of the requirements posed by Sarbanes-Oxley also apply to health care regulations, such as the Health Insurance Portability and Accountability Act.
The one thing companies can't do is treat regulatory mandates lightly, warned panel members.
It's important to ensure that top executives and board members take compliance seriously enough, said Ken Coleman, chairman and CEO of ITM Software Corp., a business management tools vendor in Mountain View, Calif. "This is superimportant. The consequences [of not complying] are significant."
Sell noted that helping a company meet its regulatory requirements is a task IT managersshould willingly step up to. "What a great opportunity -- especially for people in IT -- to demonstrate some leadership," he said.