Reproduction permitted for personal use only. For reprints and reprint permission, contact email@example.com.
CHICAGO There are lots of concerns by companies today to start reviewing the Sarbanes-Oxley Act and its effects on the IT area. Is the act a healthy antidote for devastated market faith? Adjunct Northwestern professor James Carlini explores in this week's edition of Carlinis Comments.
The Sarbanes-Oxley Act
was enacted in 2002 to focus financial companies to comply with new rulings and regulatory procedures for reporting trades and other actions in an orderly basis.
Its basically a financial compliance act that requires stricter record keeping and the ability for SEC
auditors to be able to review transactions, any supporting e-mails and other documentation relating to a trade or financial transaction.
This act was the result of the days of Enron
and the whole accounting and stock trade debacle that spread like a virus, which killed off investors and their flow of money into the markets. Something radical had to be done to restore the faith of investors in the stock market.
The markets were devastated and some say the integrity of the foundations of capitalism were actually in jeopardy. The Sarbanes-Oxley Act was the antidote.
While many software companies (such as Oracle
and JD Edwards
) are already hawking their solutions, an article
that I ran across by attorney Michael Fleming of Faegre & Benson stated exactly what I would have warned: There are no magic bullets out there for solutions. This is good advice as companies begin to review their options and seek out solutions.
I would also add to the articles advice that a one-size-fits-all solution should be avoided as well. We should already know that theres no such thing as a universal solution. Just Like Y2K? No Way
In talking with a chief compliance officer at a pension management company, I asked if this is going to be another critical IT initiative like a Y2K project. She said that its different from the standpoint that Y2K had a definite target for completion date. Sarbanes-Oxley is going to be more of an ongoing commitment to stay on top of latest changes and requirements for information.
Its not going to be as easy as install this software package and youre done (even though thats what some software package companies want you to believe). They are looking at this as purely a target market that has a clearly defined audience for their products. Buy this and youre compliant is the sales pitch du jour.
Its also not going to be change this procedure and add this one and youre done. Its going to be a continual challenge as trading processes change and mature. There will be continuous new rulings and policies that dictate the need for adding new reporting components and tools.
Soft-dollar issues and the discovery of new undermining schemes will dictate that new policies be amended to the act. Therefore, it is going to be an ongoing commitment of resources and budgets. Many Already Proclaiming Expert Status
Though some people have already professed expertise in this area, I fail to see how they can claim that when the whole issue is so new.
In fact, the people who have been the compliance officer at these financial companies have to go back for many courses and seminars to understand the major changes that have occurred. It intrigues me when companies and individuals proclaim expertise when the ink is still wet on the paper on which the act was printed.
This is clearly a work in progress. Though no one has years of expertise on this, some people are already saying they have all the answers. I remember the mantra from the e-commerce pseudo-experts. Is Sarbanes-Oxley the new cash cow for consulting firms whose Y2K and e-commerce sales pitches have died out?
I distinctly remember many firms going out and changing their marketing brochures to reflect an in-depth expertise in e-commerce. Even though their backgrounds didnt change overnight, their brochures touting new expertise did.
There are many facets that comprise the IT needs for Sarbanes-Oxley compliance. While an element of compliance is security, its actually much greater than that. Its a new way of doing business.
If you look at your company like a car with a problem, its not a quick safety check and an oil filter change. Sarbanes-Oxley is more like a total revamp of the engine, suspension and exhaust system (not to mention tacking on some new equipment to streamline some of the operations). Read the Act Thoroughly
As there are many articles and opinions coming out on the impact of Sarbanes-Oxley, I warn you that you should invest some time into really reading what it says. Dont just rely on someone elses summary or interpretation. If you are in charge of IT, the CFO or anyone else in charge, you must totally understand the full ramifications of this act.
Some people are saying that the CIO or some other person in charge of IT is going to be held responsible or have liability for IT information. There is no specific mention of the CIO or CTO as even a corporate officer in section 302 on corporate responsibility for financial reporting or anywhere else.
While the CFO and CEO are mentioned along with lawyers and accountants throughout the document for having liability, theres no mention of the IT area. Still, the IT area is critical to ensuring that some of these functions get accomplished. So much for IT getting its recognition as a critical part in an organization and its chief executives and advisors.
The government still sees only accountants and lawyers as important.
There are also no specifics mentioned in section 409 on real-time disclosures as to what is needed as far as IT compliance or new IT initiatives. Another section that could loosely be tied to the IT area is section 1102 on tampering with a record or altering or impeding an official proceeding. Theres no mention of IT people there either.
I guess IT hasnt really been recognized by those trying to make reforms. Its not just lawyers and accountants any more who are the business advisors. Its the technology people as well. There should have been more specifics defined in the Sarbanes-Oxley Act for IT measures and responsibilities.
Carlinism: Invest time in reading documents thoroughly. Dont rely on somebody elses summary or interpretation.
James Carlini is an adjunct professor at Northwestern University
. He is also president of Carlini & Associates
. Carlini can be reached at firstname.lastname@example.org
or 773-370-1888. This article has been syndicated on the Wisconsin Technology Network courtesy of ePrairie, a user-driven business and technology news community distributed via the Web, the wireless Web and free daily e-mail newsletters. They can be found at www.eprairie.com
The opinions expressed herein or statements made in the above column are solely those of the author, & do not necessarily reflect the views of the The Wisconsin Technology Network, LLC. (WTN). WTN, LLC accepts no legal liability or responsibility for any claims made or opinions expressed herein.