By Kim S. Nash
August 03, 2007 — CIO — Paul Sarbanes and Michael Oxley have left Congress, but they’re never far from the thoughts of CIOs responsible for making their companies’ financial systems produce accurate data. Everyone’s favorite kvetch is the high cost to comply with the Sarbanes-Oxley Act of 2002, but now chief information officers are, in some ways, better off.
For the past five years, CIOs have dealt with being micromanaged by colleagues outside of IT and suspected a conspiracy by CFOs to undermine them. They’ve been inundated by vendors with fabulous claims of compliance-in-a-box and have listened to former Federal Reserve chairman Alan Greenspan decry Sarbanes-Oxley as a “nightmare” that should be rewritten.
But looking back, the rules that Sarbanes, a former Senate Democrat from Maryland, and Oxley, a former Republican representative from Ohio, wrote to make U.S. companies more accountable for their financial data also have lifted the career trajectories of some CIOs, says Lee Dittmar, a principal at Deloitte Consulting who oversees enterprise governance.
Yes, Dittmar says, Sarbanes-Oxley burdened technology departments by forcing, for example, more detailed reporting about how software projects affect a company’s financial data. IT also has to work side by side with internal and external auditors, as well as with the finance group, to identify how their companies handle accounting data electronically and manually, then tighten those processes to prevent fraud. “It has been painful,” he says. For many companies, documenting, testing and maintaining financial controls to the extent required by the legislation was a major change from past practice, he says.
But because technology enables the production of nearly all of the financial information under scrutiny, he says, now senior executives see that “what happens in IT is strategic.”
As companies have struggled to understand and then follow Sarbanes-Oxley, CIOs have had the chance to talk with senior executives specifically about how IT affects the business, says Patty Azzarello, a CIO careers consultant in Palo Alto, Calif. “This conversation in many cases opened the door for CIOs to get more airtime in budget and planning discussions, which is vital if they want to have an impact on corporate strategy.”
The cost of complying with Sarbanes-Oxley depends on how complex your company is—multiple lines of business? global offices?—and how badly financial data was monitored historically. But generally, the amount of money spent per year on adhering to the regulations has been declining, according to a recent survey from Financial Executives International (FEI), a professional association in Florham Park, N.J.