The Cost of Complying With Sarbanes-Oxley | eWeek

The Cost of Complying With Sarbanes-Oxley

Written By
Sean Gallagher
Sean Gallagher
Aug 1, 2003
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Did you know that:
The process never ends
Bringing your systems into compliance with a new financial reporting law may be your biggest information-technology expenditure this decade. Some say implementing compliance with the Sarbanes-Oxley Act is a bigger project than Y2K bug fixes. “That might seem extreme,” says Kraig Haber, director of financial product marketing at SAP. “But Y2K was a single task —this is a recurring one.”Weve seen clients invest tens of thousands of hours to achieve minimal Sarbanes-Oxley compliance,” says Gregory Derderian, managing director of the World-Class Finance practice at consultancy BearingPoint.

Speed is a requisite
Under Sarbanes-Oxley, the allowed time to file quarterly reports will fall from 45 days now to 35 days in 2005; and annual reports will have to be filed within 60 days of the close of the year, rather than 75. Disclosures of “material events” and insider trades must be filed within two days.If youre still dependent on older systems for some of your financial data—such as legacy Cobol-based transaction processing systems or terminal-based order entry systems—you may have to alter or replace that software to speed up the reporting process.If your integration between these systems depends on moving “flat-file” data in batches, or some other periodic data transfer, the data may not be transferred frequently enough to ensure that decision-support systems and financial reports are up-to-date and accurate. Monthly roll-ups of financial data may leave companies scrambling to meet quarterly report deadlines.Packaged enterprise-resource-planning systems such as SAP R/3 and Oracle 11i dont depend on batch processing, so theyre less susceptible to these sorts of problems internally. But if your companys not using such a system to capture transactions, the points where data is passed along can still spell trouble.

Not all data can be tamper-proof
Thats because there are so many information systems and corporate processes its virtually impossible to lock them all down. A typo on an order-entry screen or a small mistake in any of thousands of manual processes can create inaccuracies throughout the financial reporting process. Security of financial data also is generally dependent on trust in individuals. As demonstrated by the Autotote betting scandal (see “Inside Bet,” Baseline, Dec. 2002, p. 15), even the most secure business processes are vulnerable if a trusted individual wants to commit fraud.The best first step in preventing fraud is to keep access to systems that create or manage financial information separate from access to the places where data is stored. Also, users should only have access to data needed by the applications theyre permitted to use; only system administrators should maintain the underlying database.Information moved in batches also could be compromised while its waiting to be uploaded—or misread by the software that uploads it.

For the full story click here

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.