Organizations must look beyond just tactical Sarbanes-Oxley (SOX) compliance and focus strategically on leveraging SOX investments, according to META Group, Inc. Most U.S.-based organizations are in various stages of SOX projects as they approach the deadline for compliance to Section 404. META Group has identified six phases a SOX project must be managed through with IT playing a strategic role. The IT organization needs to be included as a supporter of enterprise internal control projects and must understand the maturity level or stage of the SOX project in order to help.

META Group estimates 10 percent of SOX-affected firms are at the "exploration" (Level 0) stage. Twenty-five percent of affected firms are at "building awareness" (Level 1), which is where the enterprise SOX project is being defined and resources are being identified to manage the Section 404 process. The greatest percentage (40 percent) are at "project initiation" (Level 2) with their SOX initiatives, which is where the formal enterprise SOX project begins. Twenty percent of firms are at "project execution" (Level 3) and are actively involved in executing their internal control projects, given the rolling compliance date (through June 2005). Only 5 percent of firms are at "perform assessment/review results" (Level 4), working on identifying business processes. Finally, probably very few firms are at "optimization" (Level 5) and, for most, this will begin after the initial Section 404 compliance date (June 2004 and ongoing).

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access