Analysts Say New Regs Will Be Worse Than Sarbox

Lora Bentley

A heavier IT burden than Sarbanes-Oxley or the Patriot Act.


That's what some say is coming in the regulations that will result from the country's financial meltdown. Like I told my boss earlier, it sounds just plain ugly. What could be worse than Sarbox?


In a piece published Wednesday, InfoWorld's Ephraim Schwartz talked to analysts and industry executives who agree that the next round of regulations will require more transparency in "how companies and what they trade are linked together." Larry Rafsky, CEO of Acquire Media, explained:

The last two tsunamis to hit IT, the Patriot Act and Sarbanes-Oxley, required companies to know their customers and to know themselves and their [own] finances. Now, the upcoming regulations will say, "Know your customers' finances."

And IT will bear the burden because IT will use more audit and review technology to enforce those requirements. The reporting requirements will be stiffer and will require more detail.


Companies will be looking for different skills on their IT teams, too. For instance, IT staffers will need a significant degree of business savvy to implement and administer the systems that will monitor the finances of a company's customers, Rafsky said. Craig Carpenter, who is general counsel at Recommind, told InfoWorld that IT folks with legal expertise may also be in high demand because companies who suffered huge losses may face lawsuits.


Also according to Carpenter, and perhaps most significant, "Anybody that deals with brokers, banks, and credit-risk-based assets will have to be involved." In other words, the newest regulations won't be limited to the financial industry. The good news is, it might mean more job security for IT.

Add Comment      Leave a comment on this blog post
Nov 20, 2008 4:09 AM Sean Burns Sean Burns  says:
With the current state of the economy and many businesses tighting their purse strings, organizations will have to take what they learned from the implementation of SOX and compliance in general in this new effort. Many organizations went overboard in their compliance strategy, increasing staff to manage compliance, increasing delivery times with reviews and sign-offs, etc. The new set of regulations will need to be implemented and managed in a streamlined fashion that allows them to be effective while not getting in the way of organizations conducting business. And they will have to do this in a down economy where expenses are being tightly managed.The challenge will be to implement the most efficient oversight process with IT providing the tools, process and methods to be non-invasive. Reply
Nov 20, 2008 4:59 AM kaylee kaylee  says:
I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.kaylee Reply
Nov 21, 2008 8:40 AM Jackie Gilbert Jackie Gilbert  says:
Lora-Interesting commentary on how impending regulation will place an ever-growing burden on IT. I believe the new regs will actually force IT teams to be more savvy about how they transfer some of the burden to the lines of business. Without collaboration between the two groups, organizations cannot effectively address risk. The business owners of information (not IT) are ultimately accountable for issues like fraud prevention and information integrity. These individuals understand the business risks facing the organization and can make the appropriate tradeoffs between business benefits and risk. Unfortunately, business users lack the technical skills to use technology for auditing and forensic purposes-they typically can't make sense of IT data like event logs and don't know how to use tools like policy editors. In order for IT and business to share the risk management burden, business processes and technologies need to bridge-finally-the gap between business and IT. Companies need solutions that automate monitoring and controls while providing the meaningful information that business users need to make accurate decisions and risk trade-offs. Reply
Nov 22, 2008 2:13 AM Ross Greenberg Ross Greenberg  says:
Greetings! First time, long time. I've saved the "positive" articles on SOX since 2005 and I'm always interested in articles and or quotes from the costs too much, it's time has come and gone, during the global Depression it will place too many burdens on blah, blah, blah...Always consider the source, I say, then understanding where these folks are truly coming from will be SO much easier. Thanks Lora and keep up the great work! :-)Ross GreenbergWall Streeter, 9-11 Survivor, Patriot Reply
Nov 22, 2008 4:47 AM Ray Bryant Ray Bryant  says:
IT is missing a trick when it comes to compliance. The dreaded audit has always been regarded as an imposition that just leads to extra licenses costs, but it is the cost of compliance, or is it!! The trick being missed? Get ahead of the game, get your users under control, save on licenses costs and Maintenance costs, AND even MORE important, gain the security of knowing who is doing what and prevent potential fraudulent loss of actual money, or the loss of information that is being sold (this can be millions of $'s). Do this on your Series i servers and you will save fortunes whilst getting inline with 404 requirements. If you want more information, just email me. I used to be CEO of the largest independant Software Audit company in the world, I know what the data collected can show you. Its a no brainer really; take control yourself save money and get secure. Reply
Nov 22, 2008 4:52 AM Ray Bryant Ray Bryant  says:
bryantr@sky.comIs the place to go for help on licence management, management Information, user management, security and compliance (internal requirements and external requirements) Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.