Most of the dreaded deadlines have passed. But that doesn't mean the Sarbanes-Oxley Act (SOX) should be off your radar. As you've probably heard before, SOX is not Y2K. The rules are different for year two. So what is the CIO's role in ensuring that the enterprise not only achieves but also maintains optimal SOX compliance? This version of the Executive Guide addresses this question in particular. Claudia Imhoff, a seasoned SOX expert, offers some specific advice for IT executives dealing with the regulations in this act. Also included in this guide are links to additional SOX resources from around the Web.
This Executive Guide is part of the SearchCIO Executive Guide series, which is designed to
give IT leaders strategic guidance and advice that addresses the management and decision-making
aspects of timely topics. For a complete list of topics covered to date, visit the
Executive Guide section. To be alerted when new Executive Guides are available, subscribe to the free
monthly e-newsletter, CIO Advisor.
Table of contents
Expert's Corner
NEW! Glossary
Basics and SEC news
NEW! Audit advice
NEW! SOX spending
Research and trends
Sarbanes-Oxley and the CIO
Compliance
More resources
| Return to Table of Contents |
Claudia Imhoff
The Sarbanes-Oxley Act (SOX) is one of the most far-reaching pieces of legislation to have been enacted in the U.S. in a long time. It covers everything from who can sit on a board of directors to penalties for mistreating corporate whistleblowers. Its ultimate goal is to restore investor confidence in the wake of the mammoth scandals rocking the stock markets. Compliance with this new legislation is proving to be very expensive (analysts project more than $5 billion will be spent) and time-consuming. And the act is still being interpreted!
But SOX is more than just financial legislation. Certainly it is concerned with ensuring the validity and transparency in the creation and documentation of information in financial statements, but it also means having the right IT systems in place. Unfortunately, reacting today may leave companies playing catch-up in the future. And there are a lot of technologies and software companies touting their ability to support SOX compliance. What is a CIO to do?
The first step is to assign responsibility to someone or some group in the organization for overseeing SOX compliance. The current thinking on who's responsible for this is that there should be some sort of Compliance "Officer" separate from the CIO. In my opinion, if you create this position, it may indicate that the CIO is not involved and that the other executives can wash their hands of compliance issues. Instead, I would recommend forming a committee consisting of the CIO, CEO and CFO, with the compliance officer reporting to the committee.
For more information on how CIOs can handle SOX compliance, check out this segment of the Executive Guide. It will focus on what is needed from a technological point of view for corporations to reach SOX compliance. The focus will be on the visibility, accountability and better governance of critical financial data and the significant role that IT plays in achieving this.
Dr. Claudia Imhoff is founder and president of Intelligent Solutions Inc. in Boulder, Colo. She is an internationally recognized expert on SOX, analytical CRM, business intelligence and the infrastructure to support these initiatives -- the Corporate Information Factory.
| Return to Table of Contents |
- NEW! Definition: Compliance (Source: SearchCIO.com, powered by Whatis.com)
- NEW! Definition: Sarbanes-Oxley Act (Source: SearchCIO.com, powered by Whatis.com)
- NEW! Definition: Chief Compliance Officer (Source: SearchCIO.com, powered by Whatis.com)
- NEW! Definition: Security audit (Source: SearchCIO.com, powered by Whatis.com)
- NEW! Definition: Audit trail (Source: SearchCIO.com, powered by Whatis.com)
- NEW! Definition: Redact (Source: SearchCIO.com, powered by Whatis.com)
| Return to Table of Contents |
- NEW! Article: SOX: New rules for year two (Source: SearchCIO.com, 6/15/05)
- NEW! Article: SOX: Seven steps to CYA (Source: SearchCIO.com, 6/15/05)
- NEW! Article: SMBs triumph: SEC grants SOX extension (Source: SearchSMB.com, 9/22/05)
- NEW! Article: Former SEC chair is SOX fan -- with exceptions (Source: SearchCIO.com, 7/21/05)
- NEW! Article: Will Cox cure SOX pain? (Source: SearchCIO.com, 6/5/05)
- NEW! Article: SEC: 404 budgets filled with waste (Source: SearchCIO.com, 5/31/05)
- Article: Seven steps to Sarbanes-Oxley compliance (Source: SearchCIO.com, 11/24/03)
- Article: Key points of Sarbanes-Oxley (Source: SearchSecurity.com, 10/6/04)
| Return to Table of Contents |
- NEW! Audit Trail: The good, the gotcha and the guesser (Source: CIO Decisions magazine, April 2005)
- NEW! Audit Trail: The best tool for reducing risk is teamwork (Source: CIO Decisions magazine, May 2005)
- NEW! Audit Trail: Sifting through an audit (Source: CIO Decisions magazine, July 2005)
- NEW! Article: Cheat sheet: 10 ways to prep for auditors (Source: SearchCIO.com, 6/29/05)
- NEW! Article: Salaries for SOX accountants on the rise (Source: SearchCIO.com, 7/7/05)
- NEW! Article: SOX auditor talks CIO accountability, red flags (Source: SearchCIO.com, 11/10/04)
- Article: 'Typical' SOX violations (Source: SearchSecurity.com, 10/6/04)
| Return to Table of Contents |
- NEW! Article: Spending too much on compliance? IT can cut costs (Source: SearchCIO.com, 8/11/05)
- NEW! Article: Survey: Compliance spending soars (Source: SearchCIO.com, 4/27/05)
- NEW! Article: Regulations bite into the bottom line -- but for how long? (Source: SearchSecurity.com, 5/31/05)
- NEW! Article: Compliance is shaking the money tree for IT (Source: SearchWin2000.com, 03/01/05)
- NEW! Article: ISD 2005: SOX compliance costing companies big time (Source: SearchSecurity.com, 5/11/05)
- NEW! Executive Guide: Budgeting for compliance (Source: SearchCIO.com, 8/16/05)
| Return to Table of Contents |
- NEW! Tip: M&A and compliance: Call ahead for CIOs (Source: SearchCIO.com, 8/17/05)
- NEW! Tip: Retrofitting IT for e-checking rules (Source: SearchCIO.com, 7/20/05)
- NEW! Article: VoIP and SOX: Tricky recipe for CIOs (Source: SearchCIO.com, 7/21/05)
- White paper: IT assessment: The CIO sucker punch in Sarbanes-Oxley (Source: Obian, 9/17/04)
- Article: Contract compliance is a Sarbanes-Oxley issue (Source: AMR Research Inc., special to SearchCIO.com, 5/15/04)
- Column: Sarbanes-Oxley as an IT-business alignment driver (Source: SearchCIO.com, 9/27/04)
- Article: Study: Sarbanes-Oxley 'catalyst' for process management (Source: SearchCIO.com, 1/6/04)
- Tip: The real deal with Sarbanes-Oxley: Perspectives for the security manager (Source: SearchSecurity.com, 3/19/04)
| Return to Table of Contents |
- NEW! Q&A: A Compliance Conversation: PEMCO's Kip Boyle (Source: SearchCIO.com, 6/1/05)
- Article: CIOs, others bond over SOX (Source: SearchCIO.com, 7/20/04)
- Article: SOX Wars -- CIOs share ideas, fears on Sarbanes-Oxley compliance (Source: SearchCIO.com, 7/21/04)
- Q&A: A CIO Conversation: Plexus' Tom Czajkowski (Source: SearchCIO.com, 9/21/04)
- Q&A: A CIO Conversation: Microsoft's Ron Markezich (Source: SearchCIO.com, 7/28/04)
- Q&A: A CIO Conversation: BMC's Jay Gardner (Source: SearchCIO.com, 9/9/04)
- Q&A: A CIO Conversation: Wachovia's Martin Davis (Source: SearchCIO.com, 4/8/04)
- Q&A: A CIO Conversation: Sprint's Mike Stout (Source: SearchCIO.com, 3/22/04)
- Q&A: A CIO Conversation: Quantum CIO loves challenge, change (Source: SearchCIO.com, 2/12/04)
- Q&A: A CIO Conversation: First time CIO opens new doors of communication (Source: SearchCIO.com, 1/14/04)
| Return to Table of Contents |
- NEW! Special report: Coming to terms with compliance (Source: SearchWin2000.com, 3/1/05)
- NEW! Article: Spotlight turns to chief compliance officers (Source: SearchCIO.com, 8/25/05)
- NEW! Article: Compliance shouldn't be a primary security driver (Source: SearchSecurity.com, 6/8/05)
- Article: Compliance and outsourcing: Oil and water or fine vinaigrette? (Source: Meta Group Inc., special to SearchCIO.com, 5/10/04)
- Featured Topic: Compliance guide (Source: SearchCIO.com)
- Article: Complicated compliance (Source: Meta Group Inc., special to SearchCIO.com, 3/16/04)
- Article: Wachovia compliance chief 'joined at hip' with CIO (Source: SearchCIO.com, 11/25/03)
- Article: A holistic approach to compliance (Source: SearchCIO.com, 12/12/03)
| Return to Table of Contents |
- NEW! Full text of the act from the SEC
- NEW! SEC spotlight on Sarbanes-Oxley rulemaking and reports
- NEW! SOX resource center
- NEW! White papers (Source: SearchCIO.com, powered by Bitpipe)
- NEW! Compliance and legal concerns resource center
- Conference presentation: Paring SOX Down to Size: The Impact of Sarbanes-Oxley on IT Governance
- Article: Sarbanes-Oxley reading list (SearchStorage.com, 8/15/03)
- White paper: Guide to the Sarbanes-Oxley Act: IT Risks and Controls
- Official Web site of Paul S. Sarbanes
- Official Web site of Michael G. Oxley
- Sarbanes-Oxley.com
- Sarbanes-Oxley Act Forum
This was first published in September 2005