Tuesday, July 27, 2004

IT looks the weak link in compliance

Publication: Computer Weekly; Date: Jul 27, 2004; Section: This Week; Page: 4
Nick Huber nick.huber@rbi.co.uk 
IT systems could be the weak link in an organisation’s compliance projects, according to Ernst & Young.
The professional services firm found that more than 40% of large US companies surveyed had discovered “significant weaknesses” in the IT systems underpinning projects to comply with the Sarbanes-Oxley regulations on corporate governance.
Sarbanes-Oxley, which comes into force next April for UK firms listed on US stock exchanges, will require companies to link financial reporting systems in different offices and subsidiaries.
Section 404 of the Sarbanes-Oxley Act 2002 requires listed companies to report on the effectiveness of their internal controls, such as rules embedded in IT systems or financial safeguards.
IT problems highlighted by the Ernst & Young survey included controlling employee access to sensitive financial information and IT security.
“Management should not underestimate the IT implications of Sarbanes-Oxley and the volume of work this requires from the typical IT department,” said Erol Mustafa, partner at Ernst & Young. “Businesses often fail to understand fully how their IT systems actually control business processes. Documentation and testing of these controls is critical, and documentation that already exists often does not reflect the reality.”