Sarbox Compliance Cheat Sheet

Lora Bentley

In Tuesday's Sarbanes-Oxley Compliance Journal, Syrinx Consulting CEO Andrew Gelina outlines several do's and don'ts for CIOs who are implementing a Sarbanes-Oxley compliance program in their companies. Though most of the advice will be familiar to many readers, it zeroes in on one important fact that is often forgotten:

[A]ny compliance effort requires the cooperation of people, and people are imperfect.

To that end, the "Do" list includes such advice as:

  1. Start with good IT governance, then move to financial controls. Always let the IT and financial managers involved know ahead of time that a Sarbanes-Oxley compliant protocol is in the works and that it will help, rather than harm, department efficiencies.
  2. Make it an enterprise-wide effort to define the compliance program's goals and the processes necessary to meet those goals. That way, the people who have to live with the program are more likely to take ownership of its success.
  3. Keep it simple.
  4. Use technology to increase data visibility and improve process efficiency.
  5. Make sure processes, technology driven or otherwise, are auditable.

And on the "Don't" list:

  1. Hurry. Analyze your IT and financial controls and define your compliance goals before you think about purchasing technology.
  2. Deploy a huge new system across the entire organization all at once. Such "bomb dropping," as Gelina calls it, will ...
  3. Shove a square peg into a round hole. Find the technology that will do the job that needs to be done.
  4. Confuse compliance with disaster recovery.
