Skip the navigation

Sarbanes Action Plan

By Maryfran Johnson
June 2, 2003 12:00 PM ET

Computerworld - Imagine asking 40 CIOs in six cities what their biggest worries are these days. I'd expect to hear about freeze-dried IT budgets, unfinished projects, sinking staff morale or loss of corporate confidence.
I'd be way off base.
What I never would have guessed was the Sarbanes-Oxley Act of 2002, that Loch Ness monster of new financial reporting and disclosure requirements enacted by Congress in the aftermath of Enron and a string of other corporate scandals. Nobody quite knows how far-reaching its impact on IT infrastructures will be, but ignorance is the opposite of bliss here.
"The CIOs feel blindsided by this," says Cathy Hotka, principal of Cathy Hotka & Associates and former VP of IT at the National Retail Federation. In a recent series of CIO roundtables she moderated, Hotka was surprised to find SOX (as the finance types call the act) a topic of so much consternation among senior IT execs. "They know the CFOs have it on their radar screens, and they don't like that feeling. Nobody has a handle on this yet," she says.
Sarbanes-Oxley is reverberating throughout IT management like an eerie echo of Y2k, with compliance deadlines looming and businesses feeling threatened and uncertain about the extent of the potential damage (that is, legal trouble) if changes aren't made. As one of Hotka's CIO dinner guests observed, "I could end up spending $1 million to fix a $100,000 problem!"
"There's a tremendous amount of confusion" about what IT should be doing to ensure compliance with Sarbanes-Oxley, says John Hagerty, an analyst at AMR Research Inc. in Boston. A recent AMR poll of 60 companies found that while 85% are anticipating changes in system and application infrastructures, an equally whopping 80% are unsure of what the changes will be.
In light of all this free-floating anxiety, last week's news that the Securities and Exchange Commission had extended the deadline for Sarbanes-Oxley compliance another nine months (to June 2004) might seem like a welcome relief.
But senior IT managers should be using this gift of time to get their information engines in gear -- not to relax.
Step 1: Dive in and do some research. Online in our IT Management Knowledge Center, we've compiled a special topics page with all of our ongoing coverage of Sarbanes-Oxley and additional links to sister publication CIO magazine's recent series on legislative issues. We'll keep adding resources to that page, so let us know what kind of additional information you need. If you search on Google for "Sarbanes-Oxley and CIOs," you'll get more than 700 hits. Many are worth



Our Commenting Policies