Sarbanes-Oxley Brings Business Benefits Outside the USA
Just as the mists were starting to clear for C-Level executives, a torrent of SOX is heading Europe's way. It can certainly be argued that Euro-CIOs should already be aware of Sarbanes-Oxley, but so many of them said “US Only. Not Relevant!” and moved on. The more astute looked at the regulatory regime and said “Ah, if we comply here, then it genuinely makes our lives easier for the future,” because they recognised competitive advantage and cost saving when they saw it.
SOX for Europeans is not the same mandatory set of regulations that MiFID is for the finance sector. SOX is not mandatory for Europe anyway, but complying with SOX here, now, means better business practices ahead of the regulator.
But those who advertise ‘Sarbanes-Oxley Compliant’ software and those who buy it will have a shock, according to Dennis Keeling, Chairman of the British Software Developers Association. “There is no such thing as ‘Sarbanes-Oxley Compliant’,” says Keeling. He makes a valid point.
Compliance is a process, in the same way that CRM is a process. Fail to plan the process and failure in SOX compliance is as inevitable as stalled CRM implementations. The CIO and the CFO need to work closely together on SOX, and the IT director needs to take control of the process because he has the best chance at control.
For example, the uncontrolled proliferation of spreadsheets is as much of a headache in SOX as it is in Data Privacy and Data Protection, though from a very different perspective. Currently SOX allows a spreadsheet as a ‘manual process’ but requires that the process be tested regularly for correctness. This adds enormously to costs.
Eliminating financial spreadsheets as even a part of the basis for preparing the accounts means that proper SOX proof can be shown that the final accounts are the same as the figures used in the business. It sounds simple, but it isn't. The world relies on spreadsheets, or has done hitherto. But an analysis of business efficiency, almost the old production-line Time and Motion Study, will show where there are huge business inefficiencies with (for example) fragmented, spreadsheet-based systems. VisiCalc has a lot to answer for, it seems! Driving these inefficiencies out of the business process is surely one major part of the CIO's role, and by doing so the CIO becomes at one with the business more than ever before.
What does IT need to consider?
- Inventory of IT Assets - what, where and who owns it?
- What is Outsourced?
- Security - who has access? Is there an audit trail?
- What IT Governance framework do you use? Is it similar to your peers?
- Data Transfers - how does your interoperability and data integrity work?
- Have you deployed ERP to replace other disparate systems? Should you do so?
- Do you have control of, or have you eliminated, end-user spreadsheets?
- Are the systems tested for sustained SOX compliance requirements?
- Are you using SOX investment to consolidate IT systems?
- Are you using SOX investment for business process management and other reporting?
What are the Business Benefits of SOX?
- European legislation is likely. SOX compliance means you are ahead
- SOX compliant companies are:
  - ready for US listing
  - ready for US acquisition
- Lower annual audit costs