In parts of the business world, the term “Sarbanes-Oxley” has become synonymous with overbearing and counterproductive regulation. But the legislation itself may have improved things for some top information-technology executives.
Five years after the U.S. Department of Justice began investigating Enron, the changed legal environment of which SarbOx is the most visible part has given chief information officers a key compliance role. Computers and software run many of the systems that have helped companies tighten their financial processes and adhere to the Section 404 rule for internal controls.
“This is helping to bring CIOs to the table,” said John Rostern, director of technology risk in the New York office of consulting firm Jefferson Wells. “Theyre being invited in.”
Indeed, some CIOs have treated compliance requirements as an excuse for doing strategic reviews of their companies systems. Some have consolidated multiple enterprise resource planning deployments into one, according to Ted Frank, president of Axentis, a compliance software company in Warrensville Heights, Ohio. Others have upgraded different parts of their technology infrastructure or added new staff. “Compliance tends to be used as a tool to get budgets and projects kick-started,” Frank says.
To be sure, since its passage in 2002, SarbOx has also produced plenty of headaches for technologists. The need to shore up systems to meet the new standards has meant more hours at the office. And there has been confusion—especially amid conflicting advice from vendors—about exactly what needs to be done.