Executive guide: Sarbanes-Oxley

As we draw near the November deadline, we've added more resources to our original CIO Survival Guide to better help you.

Most of the dreaded deadlines have passed. But that doesn't mean the Sarbanes-Oxley Act (SOX) should be off your radar. As you've probably heard before, SOX is not Y2K. The rules are different for year two. So what is the CIO's role in ensuring that the enterprise not only achieves, but also maintains, optimal SOX compliance? This version of the Executive Guide addresses this question in particular. Claudia Imhoff, a seasoned SOX expert, offers some specific advice for IT executives dealing with the regulations in this act. Also included in this guide are links to additional SOX resources from around the Web.

This Executive Guide is part of the SearchCIO Executive Guide series, which is designed to give IT leaders strategic guidance and advice that addresses the management and decision-making aspects of timely topics. For a complete list of topics covered to date, visit the Executive Guide section. To be alerted when new Executive Guides are available, subscribe to the free monthly e-newsletter, CIO Advisor.

Table of contents

   Expert's Corner
   NEW! Glossary
   Basics and SEC news
   NEW! Audit advice
   NEW! SOX spending
   Research and trends
   Sarbanes-Oxley and the CIO
   More resources

  Expert's Corner
Claudia Imhoff

The Sarbanes-Oxley Act (SOX) is one of the most far-reaching pieces of legislation enacted in the U.S. in a long time. It covers everything from who can sit on a board of directors to penalties for mistreating corporate whistleblowers. Its ultimate goal is to restore investor confidence in the wake of the mammoth scandals rocking the stock markets. Compliance with this new legislation is proving to be very expensive (analysts project more than $5 billion will be spent) and time-consuming. And the act is still being interpreted!

But SOX is more than just financial legislation. Certainly it is concerned with ensuring the validity and transparency in the creation and documentation of information in financial statements, but it also means having the right IT systems in place. Unfortunately, reacting today may leave companies playing catch-up in the future. And there are a lot of technologies and software companies touting their ability to support SOX compliance. What is a CIO to do?

The first step is to assign responsibility to someone or some group in the organization for overseeing SOX compliance. The current thinking on who's responsible for this is that there should be some sort of Compliance "Officer" separate from the CIO. In my opinion, if you create this position, it may indicate that the CIO is not involved and that the other executives can wash their hands of compliance issues. Instead, I would recommend forming a committee consisting of the CIO, CEO and CFO, with the compliance officer reporting to the committee.

For more information on how CIOs can handle SOX compliance, check out this segment of the Executive Guide. It will focus on what is needed from a technological point of view for corporations to reach SOX compliance. The focus will be on the visibility, accountability and better governance of critical financial data and the significant role that IT plays in achieving this.

Dr. Claudia Imhoff is founder and president of Intelligent Solutions Inc. in Boulder, Colo. She is an internationally recognized expert on SOX, analytical CRM, business intelligence and the infrastructure to support these initiatives -- the Corporate Information Factory.

  Glossary & basics
  Basics and SEC news
  Audit advice
  SOX spending
  Research and trends
  Sarbanes-Oxley and the CIO
  Compliance
  More resources

