Companies are increasingly finding that the implications of dealing with the corporate accountability requirements of the Sarbanes Oxley Act are larger and thornier than they ever expected. I thought I’d pass along some links to resources that I’ve found recently that are good starting points for dealing with Sarbanes Oxley Act issues, especially from the IT point of view. Five Things IT Needs To Know About Sarbanes-Oxley Compliance (CIO.com); Sarbanes-Oxley: Tech to the Rescue? (CFO.com); Sarbanes Action Plan (Computerworld); Surviving Sarbanes-Oxley (Optimize Magazine); Making Sarbanes-Oxley Pay: Achieve an ROI from Regulatory Compliance (IntelligentBPM.com); and Sarbanes-Oxley Information Center (PriceWaterhouseCoopers/CFODirect.com).
A good summary of the current state of affairs is found in the Computerworld article:
“‘There’s a tremendous amount of confusion’” about what IT should be doing to ensure compliance with Sarbanes-Oxley, says John Hagerty, an analyst at AMR Research Inc. in Boston. A recent AMR poll of 60 companies found that while 85% are anticipating changes in system and application infrastructures, an equally whopping 80% are unsure of what the changes will be.”