RFG note on “Sarbanes-Oxley and IT: A Moving Target with More Questions than Answers.”

The Issue: Despite extensive business and technical press coverage, there are still several aspects of the Sarbanes-Oxley Act of 2002 (SOX) for which IT management remains woefully unprepared. Signing off on management processes without changing software acquisition and development processes, for example, may expose firms to unanticipated penalties under Section 404 of SOX. Continuing to conduct business as usual for business intelligence (BI) projects, meanwhile, may be catastrophic under Section 409.

RFG Recommends: IT executives with responsibility for application development or acquisition should familiarize themselves with SOX Section 404, to ensure that their internal processes and vendor contracts facilitate compliance. IT executives with BI and general data management responsibilities should familiarize themselves with SOX Section 409, to prepare for significant changes in disclosure rules. These changes may require IT to produce new reports and change incumbent processes.

RFG in Action: RFG has written extensively on the subject of regulatory compliance, including examination of various laws and regulations affecting enterprise efforts. RFG has also helped guide IT executives during the formation of their enterprise compliance plans, and has helped to perform risk analysis to determine areas of weakness. Contact RFG for more information.

E-mail info@rfgonline.com or call RFG at (203) 291-6900 for information about this note.
