SmartAdvice: Spreading IT Knowledge Among Staff Benefits All - InformationWeek
02:44 PM

SmartAdvice: Spreading IT Knowledge Among Staff Benefits All

Staff development of IT knowledge is a win-win for everyone, The Advisory Council says. Also, it's time to evaluate IT structure in light of ongoing Sarbanes-Oxley compliance.

Question B: What must we be prepared for in terms of our future ongoing compliance with Sarbanes-Oxley?

Our advice: As companies approach the end of phase 1 of their Sarbanes-Oxley compliance initiatives, many are taking time to evaluate the impact of SOX on their organizations.

  • Cost: How much has it cost the organization in time, money, resources and opportunities to comply with Sarbanes-Oxley?

  • Benefit: What have been the primary tangible and intangible benefits?

  • Controls: What controls have been put in place and how does one measure their effectiveness?

  • Compliance: Where are they on the Sarbanes-Oxley compliance curve?

Ongoing Compliance
The Sarbanes-Oxley Act has been compared to "Y2K, but without a deadline." While the initial phase has been one of making the organization Sarbanes-Oxley compliant, the ongoing compliance is what will likely pose the real challenge in the months and years to come.

Related Links

Information System Audit and Control Association: How ISACA is Addressing Sarbanes-Oxley Issues

Most Large Companies See Sarbanes-Oxley Compliance As Part of Broader Corporate Governance Initiative

Symposium Foreword - After the Sarbanes-Oxley Act: The Future of the Mandatory Disclosure System

The Sarbanes-Oxley Guide for Finance & IT Professionals, Sanjay Anand

  • Given the recentness of the Act, and fear of the "long arm of the law," companies have scrambled to do whatever it took to become compliant. As with any such initiative, after a while complacency will set in, and executives will have to make a concerted effort to ensure ongoing compliance.
  • As normal business activities continue, including mergers-and-acquisitions and partnering with new vendors, privately held businesses and non-U.S. corporations will be forced to become compliant with Sarbanes-Oxley, and the burden of verifying this compliance will fall on the public U.S. corporations.
  • Sarbanes-Oxley has set a global trend of business regulation by government that's only likely to increase over time, as is evidenced by similar reforms in European and Asian countries. Ensuring compliance with these new laws, while keeping Sarbanes-Oxley initiatives in place, will take a toll on the already overworked compliance committees of U.S. and non-U.S. corporations.
  • The Immediate Future
    Most research and surveys point to an expected spending of approximately $6 billion in 2005, with approximately $2 billion of that on technology, and $3 billion on headcount. What can companies do to prepare themselves for the road ahead?

  • People: Before investing another dime into headcount for your Sarbanes-Oxley compliance, be sure to know what you're getting in terms of skills, qualifications, experience and abilities. Ensure that members of the compliance team receive appropriate training. Consider the use of certifications such as SOXBase and SOXPro from the Sarbanes-Oxley Group of Auditors and Professionals (SOXGAP) to confirm that your staff is qualified.
  • Technology: It was demonstrated over the past year that many companies had adequate technology to make it through the first phase of Sarbanes-Oxley compliance. However, with that now behind us, companies need to re-evaluate their technology infrastructures to ensure that they will be able to withstand the increasing demands of ongoing compliance in the organization.
  • Business: As business returns to "normal" with the added checks-and-balances of Sarbanes-Oxley compliance, companies will now have an opportunity to embark on the many projects that were put on hold during the past year, as well as to evaluate and assess the seamless integration and effectiveness of their new controls procedures in regular business activities.
  • -- Sanjay Anand

    Norman Reiss, TAC Expert, has more than 20 years experience in project management, information technology, and finance for the private and not-for-profit sectors. He has a record of managing successful cost-effective technology solutions that positively impact organizational growth and development. His expertise includes designing Internet and Web site strategies, selecting and implementing database and CRM systems, planning and monitoring budgets and utilizing on-demand and ASP hosted services. He's currently Web project manager with the Crain's and Colitis Foundation.

    Stephen Rood, TAC Expert, has more than 24 years experience in the IT field specializing in developing and implementing strategic technology plans for organizations as well as senior project management and help-desk operations review. His consulting experience has included designing and implementing a state-of-the-art emergency 911 call center for the city of Newark, N.J., managing technology refreshes for a major nonprofit entertainment organization as well as a large, regional food broker, and he also worked at Coopers & Lybrand, General Foods, and Survey Research. He is the author of the book "Computer Hardware Maintenance: An IS/IT Manager's Guide" that presents a model for hardware maintenance cost containment.

    Sanjay Anand, TAC Expert, has more than 20 years of IT and business-process-management experience as a strategic adviser, certified consultant, speaker, and published author. More than 100 personal clients, large and small, have included companies from a diverse array of industries and geographies, from academia to technology and from Asia to the Americas. He often is referred to as a "consultant's consultant" for training and mentoring skills. He is the author of "The Sarbanes-Oxley Guide for Finance and Information Technology Professionals" and "J.D. Edwards OneWorld: A Beginner's Guide."

    2 of 2
    Comment  | 
    Print  | 
    More Insights
    Newest First  |  Oldest First  |  Threaded View
    How Enterprises Are Attacking the IT Security Enterprise
    How Enterprises Are Attacking the IT Security Enterprise
    To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
    Register for InformationWeek Newsletters
    White Papers
    Current Issue
    2017 State of the Cloud Report
    As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
    Twitter Feed
    InformationWeek Radio
    Archived InformationWeek Radio
    Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
    Sponsored Live Streaming Video
    Everything You've Been Told About Mobility Is Wrong
    Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
    Flash Poll