Chapter 6. Sarbanes-Oxley and IMC
While Sarbanes-Oxley is financial legislation, at its heart it is about ensuring that internal controls or rules are in place to govern the creation and documentation of information in financial statements. Since its systems are used to generate, change, house and transport that data, CIOs have to build the controls that ensure the information stands up to audit scrutiny.
CIO magazine[59]
The Sarbanes-Oxley Act (SOX),[60] passed in the wake of the high-profile corporate scandals that filled the headlines in the opening years of this decade, is a complex piece of legislation with an enormous impact on IMC.
Organizations are spending a great deal of money and making major changes to ensure SOX compliance. As time passes, the changes are bearing fruit. In 2007, the average cost of complying with SOX section 404 was $1.7 million, according to Financial Executives International. These costs, however, represent a decline from the previous year.[61] Another survey reported internal control weaknesses down nearly 45% in the three years since SOX went into effect.[62]
While much of the discussion around SOX has focused on its impact on corporate governance, financial reporting, and accounting practices, the law's impact extends beyond these areas. In fact, the law goes to the heart of IMC by affecting the way that organizations must manage and control information.
As a law, SOX is designed to improve the accountability and transparency of public companies. Accountability ...
Get Information Nation: Seven Keys to Information Management Compliance, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.