RFG note on “Sarbanes-Oxley and IT: A Moving Target with More Questions than Answers.” The Issue: Despite extensive business and technical press coverage, there are still several aspects of the Sarbanes-Oxley Act of 2002 (SOX) for which IT management remains woefully unprepared. Signing off on management processes without changing software acquisition and development processes, for example, may expose firms to unanticipated penalties under Section 404 of SOX. Continuing to conduct business as usual for business intelligence (BI) projects, meanwhile, may be catastrophic under Section 409.

RFG Recommends: IT executives with responsibility for application development or acquisition should familiarize themselves with SOX Section 404, to ensure that their internal processes and vendor contracts facilitate compliance. IT executives with BI and general data management responsibilities should familiarize themselves with SOX Section 409, to prepare for significant changes in disclosure rules. These changes may require IT to produce new reports and change incumbent processes.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access