DM Review Published in DM Review in April 2005.
Printed from

Information Strategy: Building a Culture of Sarbanes-Oxley Sustainment

by Jane Griffin

In last month's column, I talked about building a program of Sarbanes-Oxley (SOX) sustainment. One of the key attributes of the sustainment program is financial information transparency that reveals the level of information quality throughout the organization. Establishing the governance processes that define data standards, audits and controls are critical steps to ensure a high level of information quality throughout the organization.

There are really two components to a SOX sustainment data quality program:

  1. A governance program that defines a culture of and guidelines for information quality supported by knowledge-workers and managers throughout the company.
  2. An information technology (IT) architecture that ensures consistently high-quality information is delivered to the right people, at the right time.

This month, I'm going to focus on building the culture of information quality. Next month, we'll tackle the foundations of the IT architecture. I'm really big on mnemonics to help me remember things; you know, those memory aids you learned in school to help you remember concepts such as the order of the planets, etc. Well, I've come up with my one of my own. It's the four "C's" of building an information quality governance program: communication, cooperation, collaboration and continuation.


Let's begin with communication. Culture of any kind - including a culture of SOX sustainment - is predicated on communication. Knowledge is shared and increased via communication. Further, how effectively workers are educated on their responsibilities depends entirely on how effectively those responsibilities have been communicated.

The first characteristic of good communication is that all workers who need a particular knowledge set actually have it -- or access to it. It means that all departments, units, etc., involved in sustaining SOX compliance have the knowledge they need about compliance rules, goals, initiatives, processes and progress.

The second characteristic of good communication is that it must be a corporate value. People with ideas for improvement - as well as issues of concern - must be encouraged to express them. As the ideal, this should be a formal process that ensures ideas are heard and issues are dealt with in a timely manner.


The next "C" of data quality governance is cooperation. Cooperation is an attitude. In a cooperative company, all workers pull together to ensure that the company's goals are met. They have empathy for other workers; they understand that working together as a team is the most effective way to achieve their objectives.

However, building a cooperative culture is often problematic. In many companies, people strive to accumulate influence and control to help them perform their jobs more effectively. Power struggles are frequent. In contrast, in cooperative companies, influence and control are still parts of the equation, but they are used to engender teamwork - not competition. In a culture of SOX sustainment, cooperation is an ideal that must be continually pursued.


The next "C" is collaboration. If cooperation is the attitude, collaboration is the practice that follows. Collaboration is using the fuel of a cooperative spirit to power the teamwork that effectively achieves corporate objectives. In the case of data governance supporting SOX compliance and sustainment, the main objective is to design, implement and constantly improve data management processes.

Collaboration is working toward achieving a synergy (I know that word is overused!) where the product that the team delivers truly is greater than the sum of the individual contributions. With data management efforts, collaboration is absolutely critical because the state of corporate data quality is perfectly representative of the old maxim: garbage in, garbage out.

Moreover, data quality is not just an IT issue. Everyone from customer service representatives to the people in sales, finance, accounting and every other point of data entry and manipulation of the corporate information systems must play their part in ensuring that the corporate data is clean.


The final "C" is continuation. Continuation is the heart of data governance. As I said last month, SOX compliance is not a "once and done" effort; it's a journey. Ongoing compliance - sustainment - is mandatory. Continuation involves developing and implementing metrics and processes to measure and support data quality efforts. It also involves making continuation a corporate value, just like all the other "C's."

Because it can be measured via metrics, one way to make continuation a corporate value is to make data quality a point of corporate pride. Talk about sustainment in the internal mission statement. Tie sustainment goals to improving business processes, achieving growth of market share and competitive edge. Another, perhaps more concrete, way to make continuation a corporate value is to tie it to things that matter personally (and financially) to workers, such as bonuses, advancement, etc.

SOX Sustainment

I'm not asking you to radically change your organizational culture. What I'm proposing is that you define a governance process that makes tweaks to the culture that already exists, making it more capable of undertaking your SOX sustainment effort. Sustainment is not a choice; it's mandatory and it's hard work. It's just that with a corporate culture built around the SOX sustainment philosophy, it might not be so hard to do the hard stuff after all.

Jane Griffin is a Deloitte Consulting partner. Griffin has designed and built business intelligence solutions and data warehouses for clients in numerous industries. She may be reached via e-mail at

Deloitte Consulting LLP Principals Lee Dittmar and Jane Griffin talk about the importance of closing the gap between data and information in a podcast entitled "Compliance and IT: A Catalyst for Change."

Copyright 2006, SourceMedia and DM Review.