Portals eNewsletters Web Seminars dataWarehouse.com DM Review Magazine
DM Review | Covering Business Intelligence, Integration & Analytics
   Covering Business Intelligence, Integration & Analytics Advanced Search

View all Portals

Scheduled Events

White Paper Library
Research Papers

View Job Listings
Post a job


DM Review Home
Current Magazine Issue
Magazine Archives
Online Columnists
Ask the Experts
Industry News
Search DM Review

Buyer's Guide
Industry Events Calendar
Monthly Product Guides
Software Demo Lab
Vendor Listings

About Us
Press Releases
Advertising/Media Kit
Magazine Subscriptions
Editorial Calendar
Contact Us
Customer Service

Information Strategy:
Life after Sarbanes-Oxley Compliance

  Column published in DM Review Magazine
March 2005 Issue
  By Jane Griffin

There is none - life after Sarbanes-Oxley compliance, I mean. Why? Because there is no "after" when it comes to being in compliance with the 2002 Sarbanes-Oxley Act. Sarbanes-Oxley (SOX) compels public corporations to file annual reports with the SEC that detail the process by which corporate management has established and maintained internal governance structures and processes for financial reporting. It also requires companies to report on the effectiveness of those efforts. In short, SOX compliance requires an ongoing effort on the part of all public (and a growing number of private) companies to put their financial reporting houses in order and to keep them that way.

If your company is like many others, you found some significant problems with your IT infrastructure during the process of complying with SOX regulations. The problems range from unnecessary complexity in data structures, processes and systems to insufficient alignment between IT and businesspeople, to ineffective use of technology to make corporate governance more efficient and successful.

Moreover, many companies have found that in complying with SOX regulations, the information quality and corporate governance initiatives they've put in place have created a disconnect between financial and other management and operational information. Indeed, the SOX compliance effort has exposed a plethora of IT and data quality problems many companies didn't even know they had.

To reach compliance with SOX regulations in the required time frame, many companies implemented temporary fixes to their IT and governance problems; however, sustained SOX compliance will take more than these provisional repairs. Sustainment will require a concerted effort to root out and fix IT infrastructure, governance and communications problems. It will also require a shift in the way you view the entire SOX compliance process.

You must develop the point of view that compliance is not a "once-and-done" effort. Sustainment requires enormous effort on the part of the people charged with SOX compliance, as well as coordination of the business processes and IT resources used initially to achieve compliance. Specifically, you must create a culture of compliance sustainment. This will require moving from a "project" to a "program" mentality.

Your goal in the initial compliance effort was to successfully complete an enterprise-wide project that brought financial processes and information systems into compliance with SOX regulations. The goal of a sustainment program, however, is more comprehensive. A successful sustainment program should create and implement a corporate governance system that ensures a measurable, effective and efficient system of internal controls and procedures, as well as a clearly defined assessment, monitoring and reporting process for evaluating the efficacy of the controls and procedures.

The key to reaching that goal will be to build a sustainment framework that integrates internal controls assessment, monitoring and reporting with financial and disclosure monitoring and reporting. You start by investing in the best business intelligence (BI) technologies on the market and then building an information architecture that leverages those technologies to integrate their management, monitoring and reporting capabilities and to provide quality information for reporting and analysis.

In the course of implementing the sustainment framework, you must also make some organizational changes. First, focus on reducing complexity and inconsistency in your business process model. Complexity and inconsistency add costs to the sustainment effort. Complex and/or inconsistent processes result in fragmented and inconsistent information, errors in execution of the processes and nonstandardized workflows, which add up to wasted time and money.

Second, focus on the human side of the sustainment effort. Use the opportunity provided by the creation of the sustainment framework to define and implement clear roles, responsibilities and accountability pathways for all the people involved in the sustainment effort. Then give these people two things: education and training on the new corporation information culture and the authority to make decisions as needed (and as their roles dictate) to adapt to changes.

In this column, I've only scratched the surface of Sarbanes-Oxley's implications for business and IT. The impact will be extensive, and it will resonate throughout the company. It has already exposed significant data problems and information quality gaps for many companies. In upcoming columns, I will delve more deeply into what it takes - from both architectural and organizational perspectives - to create a culture of sustainment that reaches far beyond mere compliance to seize the opportunity that SOX has offered to create a strong, flexible, adaptable ethos of corporate governance and information quality throughout the enterprise. Bottom line: there are tremendous business and technology improvements that can be realized from these initiatives. Stay tuned! 


For more information on related topics visit the following related portals...

Jane Griffin is a Deloitte Consulting partner. Griffin has designed and built business intelligence solutions and data warehouses for clients in numerous industries. She may be reached via e-mail at janegriffin@deloitte.com

Deloitte Consulting LLP Principals Lee Dittmar and Jane Griffin talk about the importance of closing the gap between data and information in a podcast entitled "Compliance and IT: A Catalyst for Change."

View Full Issue View Full Magazine Issue
E-mail This Column E-Mail This Column
Printer Friendly Version Printer-Friendly Version
Related Content Related Content
Request Reprints Request Reprints
Site Map Terms of Use Privacy Policy
SourceMedia (c) 2006 DM Review and SourceMedia, Inc. All rights reserved.
SourceMedia is an Investcorp company.
Use, duplication, or sale of this service, or data contained herein, is strictly prohibited.