Study: Sarbanes-Oxley Doesn't Worry Most IT Managers 2

An Aberdeen Group survey says most IT managers polled plan to leverage their existing software to fill any gaps to comply with the act's mandates.
Many IT managers look with dread on the Sarbanes-Oxley Act--but in reality, the law might not be as onerous when they actually have to face its implementation, according to a new study.

In a survey of IT managers in its client base, the Aberdeen Group found that most IT managers plan simply to leverage their existing software tools to fill in any gaps to comply with the act's mandates. "Sarbanes-Oxley is asking companies to make sure they have documenting procedures in place," Aberdeen Group's Christa Degnan says. "Many companies already have them in place."

Degnan, research director of Supply Train Research at the consulting firm, says she believes potential problems associated with the implementation of the act have been "overhyped." There's nothing inherent in Sarbanes-Oxley that needs to be understood, she adds--good informal reporting and auditing procedures often can be updated to conform to audit trails mandated by the act.

"Some respondents indicated that Sarbanes-Oxley compliance prompted changes in their supply-management strategies and operations, but no corresponding increases in their IT budgets," she notes. A few respondents, representing about 10% of those polled in the survey, say Sarbanes-Oxley had no impact whatsoever on their supply-chain organizations.

Aberdeen found that two-thirds of IT managers and purchasing agents responding to its survey plan to leverage and extend their existing business systems. Of the remaining one-third, most say they plan to evaluate new business applications.

What about the one-third who say the act will have an impact on their IT and supply-chain operations? Degnan indicates that IT operations with existing inadequate compliance procedures and controls could be pressed into improving such procedures by the law. "[We recommend] that enterprises look beyond basic spend compliance to focus on the total cost of ownership of supply relationships," she says.

Aberdeen found that, of the one-third considering upgrading IT operations to comply with Sarbanes-Oxley, more than 40% are considering beefing up their contract-management and supply-chain analytics functions. About 35% are looking at upgrading spending analysis and invoice reconciliation and payment. Other upgrades prompted by Sarbanes-Oxley: supplier performance measurement, employee expense reimbursement automation, inventory management, E-sourcing, and E-procurement.

Degnan and the co-author of the report, Tim Minahan, VP of Supply Chain Research, tackled the outsourcing phenomenon in the study. "Outsourcing is a little tricky," Degnan says, noting that it's still unclear exactly to what extent outsourcing functions will have to be audited.

Degnan suggests that non-critical functions can be easily outsourced without much worry on the part of IT managers. "Turning over non-mission critical supply-management responsibilities to a third-party specialist could be just the ticket," she says.