Computerworld - Imagine asking 40 CIOs in six cities what their biggest worries are these days. I'd expect to hear about freeze-dried IT budgets, unfinished projects, sinking staff morale or loss of corporate confidence.
I'd be way off base.
What I never would have guessed was the Sarbanes-Oxley Act of 2002, that Loch Ness monster of new financial reporting and disclosure requirements enacted by Congress in the aftermath of Enron and a string of other corporate scandals. Nobody quite knows how far-reaching its impact on IT infrastructures will be, but ignorance is the opposite of bliss here.
"The CIOs feel blindsided by this," says Cathy Hotka, principal of Cathy Hotka & Associates and former VP of IT at the National Retail Federation. In a recent series of CIO roundtables she moderated, Hotka was surprised to find SOX (as the finance types call the act) a topic of so much consternation among senior IT execs. "They know the CFOs have it on their radar screens, and they don't like that feeling. Nobody has a handle on this yet," she says.
Sarbanes-Oxley is reverberating throughout IT management like an eerie echo of Y2k, with compliance deadlines looming and businesses feeling threatened and uncertain about the extent of the potential damage (that is, legal trouble) if changes aren't made. As one of Hotka's CIO dinner guests observed, "I could end up spending $1 million to fix a $100,000 problem!"
"There's a tremendous amount of confusion" about what IT should be doing to ensure compliance with Sarbanes-Oxley, says John Hagerty, an analyst at AMR Research Inc. in Boston. A recent AMR poll of 60 companies found that while 85% are anticipating changes in system and application infrastructures, an equally whopping 80% are unsure of what the changes will be.
In light of all this free-floating anxiety, last week's news that the Securities and Exchange Commission had extended the deadline for Sarbanes-Oxley compliance another nine months (to June 2004) might seem like a welcome relief.
But senior IT managers should be using this gift of time to get their information engines in gear -- not to relax.
Step 1: Dive in and do some research. Online in our IT Management Knowledge Center, we've compiled a special topics page with all of our ongoing coverage of Sarbanes-Oxley and additional links to sister publication CIO magazine's recent series on legislative issues. We'll keep adding resources to that page, so let us know what kind of additional information you need. If you search on Google for "Sarbanes-Oxley and CIOs," you'll get more than 700 hits. Many are worth
Oracle Software Licensing: The Value of Resellers
NEW white paper explores real-world insights and:
* The Rise of Audits
* Compliance Spend
* SAM and Compliance
* Working Directly with a...
- ACM Leadership Guide Knowledge worker effectiveness has emerged as a top priority to both optimize the customer experience and help employees work more efficiently. See how...
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Expert Panel: Enterprise Mobility and Data Loss Prevention When it comes to enterprise mobility, it's not just about devices, it's about the way people work. Hear this expert panel discuss the... All Management White Papers | Webcasts