INFORMATION TECHNOLOGY

Home > IT > Six years on, CIOs seeing business benefits from SOX

---

Six years on, CIOs seeing business benefits from SOX

June 2008

Six years on, Sarbanes-Oxley and business have settled in for the long haul.

In the intervening time, the conversation has taken some notable turns: from resistance and cost concerns to acceptance and finally a business benefits view.

Now, most organizations agree that compliance carries significant value. Not just in terms of keeping the corporation on the right side of the law; but also as a strategic company asset.

For CIOs, the most significant outcome is that compliance mandates have given them a welcome place at the executive table.

“Beyond the traditional charge that comprises the fundamentals of keeping the lights on and the company out of trouble, IT and the CIO now share responsibility for making the business better,” says CIO magazine.¹

Compliance costs coming down

The good news is overall compliance costs continue to fall – on average, companies spend 30 to 40 percent less than they did in 2003.

This is largely because “creating and maintaining clean controls of financial data is becoming embedded in people’s everyday work,” says CIO Kim Nash.²

The challenge for the CIO, and the company at large, is taking the broader view and building a more streamlined, sustainable compliance process.

Areas of risk converging

According to CIO magazine, the typical organization these days is a hodgepodge of “core compliance accountabilities for multiple functions and business units.”

Each area – HR, security, finance, legal, risk, internal audit, and others – addresses compliance differently.³

In the face of an ever more complex and evolving set of regulations, such disparate structures are not sustainable.

Indeed, as a matter of long-term corporate efficacy, these corporate functions are starting to converge.

The idea is to establish an integrated, consistent set of processes across the board to “reduce redundant control activities, eliminate duplication in the business units, drive down costs and support strategic decision making.”⁴

Expanded role for IT

Who better than IT to orchestrate this convergence?

The department is often the expert in facilitating business improvement processes across the company, such as ERP and other data transformation initiatives.

Managing a broader, integrated compliance platform is a logical step.

“IT is unique in its ability to move well beyond the four walls of the data center in response to its expanded mandate to create value, rationalize costs and manage risk for the entire enterprise,” says CIO.

And from CIO Kim Nash: “because technology enables the production of nearly all of the financial information under scrutiny, now senior executives see that ‘what happens in IT is strategic.’”⁵

Information is the “common denominator”

In an enterprise compliance strategy, information is the “common denominator.”⁶

For CIOs, integrating disparate data sources and creating a common view should go hand in hand with a company-wide approach to risk management.

When everyone works with the same numbers, there are fewer overlaps, errors, and inconsistencies.

To that end, IT should consider deploying a single BI and planning platform with a common metadata model and query engine.

It allows all users across functions and business units to work with the same trusted data, definitions, and results.

Consolidations and reporting also become simpler since data doesn’t have to be correlated from different systems.

Better information, better controls, better performance

Beyond compliance, an agile information and reporting system reaches into other parts of the business.

Executives, for one, gain visibility into operations and business drivers. With insight into how the company is performing, they can plan or reallocate resources as needed.

Management and staff also spend less time compiling and reconciling data, and more time on value-added activities such as analysis and decision support.

In the end, better data results not only in financial transparency and reliable internal controls.

An integrated information platform also brings additional business benefits: improved decision-making and performance.

It’s a strategic win for the company, and the CIO.

Find Out More Cognos Performance 2008: Call for Papers Four steps to performance management

---

Sources

¹ Matt Podowitz and Brian Tretick, Compliance, Convergence and How IT Fits, CIO, January 8, 2008.

² Kim Nash, Why, Five Years After Sarbanes-Oxley Became Law, IT Executives Are Better Off, CIO, August 3, 2007.

³ Podowitz and Tretick, Ibid.

⁴ Ibid.

⁵ Nash, Ibid.

⁶ Podowitz and Tretick, Ibid.