RIDING THE SARBANES-OXLEY TRAIN

by Claudia Imhoff

It is confusing enough to wade through all the offerings from traditional and nontraditional vendors that are jumping on the Sarbanes-Oxley (SOX) bandwagon, each claiming it has the solutions for Section 404 or 407 compliance. Equally confusing is the ultimate impact of this legislation on corporate America. Even with this uncertainty, the cultural and operational environments of these corporations will be forever changed.

If you are not a public, US-based corporation, increased government regulation -- or the possibility of it -- in your country opens the door to leadership and more visionary thinking from the CIO. Given this situation, the CIO or IT leader has never had a better opportunity to demonstrate true leadership and vision in his or her enterprise.

SOX requires that CEOs, CFOs, and other corporate executives be connected to the everyday events of their enterprises. This means that the supporting IT infrastructures must supply a never-ending set of real-time, quality data. But let's face it: most IT infrastructures today cannot handle real-time, integrated reporting. They lack the necessary integration between data, processes, and technologies. The links between systems are not robust -- or in many cases, documented -- and the corporation rarely has access to a repository of quality, integrated, current data.

The shift to real-time computing can be particularly onerous for large enterprises that rely heavily on batch processing. We are all familiar with the "batch window" in which most operational systems sync up with the day's events. This indigenous technological architecture is so much a part of our IT world that it has become the major hurdle for these corporations to overcome.

Second, many companies are unable to track changes to financial data as it moves around internally from group to group. Over the past decade, companies have focused a great deal on operational efficiency. We have spent billions on the implementation of massive enterprise resource planning and customer relationship management systems to collect operational data, but then we turn around and feed this critical information into spreadsheets! Great Scott! Spreadsheets involve manual processes that are prone to human error, yet they continue to be widely used for planning, budgeting, and crucial financial reporting. In the new world order of SOX, this entrenched dependence on human processes simply doesn't cut it. We must create environments that have automated systems for reporting critical financial events and solid audit trails surrounding the creation, dissemination, and ultimate disposal of financial data. Finally, we must be able to quickly and easily reconcile information either by integration (my preferred method) or at least through the use of a shared data model.