Wednesday, October 12, 2005
Sarbox: year 2
The second time around promises more headaches, but some best practices are emerging.
One of the biggest lessons that US companies have learned in their first foray into Sarbanes-Oxley concerns the role that IT plays in supporting financial processes. While this caught many of them off-guard, some best practices are emerging, from both a technology and a management perspective, that can help address the compliance burden in year two and beyond without massive expense and perpetual panic.
Create a formal oversight group
Companies should establish a multidisciplinary governance council or steering committee to set the scope of compliance and resolve issues quickly. At First Commonwealth Financial in Pennsylvania, John Heise, vice president and operations audit manager, says that his company's Sarbanes-Oxley committee aims to foster a sense of accountability for compliance, and that requires a mix of skills. “Finance understands what controls need to be put in place,” he says, “and IT offers advice on how to manage data resources.”
See full Article.