Friday, October 07, 2005
Operations Risk - Sarbanes-Oxley Compliance Help IT Execs Improve Plans
Executives who oversaw the first round of Sarbanes-Oxley Act compliance for their companies said this week that in hindsight, they likely would have done things a bit differently, according to attendees at the Sarbanes-Oxley Conference & Exhibition in Baltimore.
The changes they would make include better educating workers about the steps that need to be taken, assigning dedicated staffers to assess, monitoring critical controls, and automating a greater portion of repairs to deficient IT controls.
Neil Frieser, vice president of internal controls at Viacom in New York , said that his Sarbanes experience taught him that "you want to start the process early, to educate as many people as possible." Frieser said Viacom conducted 19,600 tests on 1,560 business controls and 540 IT controls last year to meet Section 404 of the law. The work covered 116 business processes and 75 IT applications throughout the company. One of the best lessons Viacom executives learned and acted on during the process was to identify and test internal controls centrally rather than hand the work off to each of a dozen business unit leaders. Frieser said, "We developed a lot of guidance centrally instead of having a lot of guesswork in each of the business units. We weren't perfect in 2004, but we got more right than we got wrong."
See full Article.