Print this article | Return to Article | Return to CFO.com
At least one CFO makes the case that the second year of Sarbanes-Oxley compliance will be more difficult than the first.
Scott Leibs, CFO IT
June 22, 2005
Of the many ways a business historian might chronicle the last decade in IT, a look at my E-mail in-box would surely rank among the best. Marketing and PR people try hard to maximize that precious on-screen real estate, typically making a case for their product or service in 10 words or less. As a result, all I or said scholar need to do to see what's hot is to scroll down and take note of the pitch du jour. In the late 1990s, for example, I rarely got an E-mail that didn't have some kind of Y2K hook. The dot-com boom brought a slew of "Obscure two-person company receives $20 million in VC funding!" E-mails. When things turned, the ROI drum became the favorite thing for E-mail subject lines to bang upon.
And then came Sarbox. As with previous flavors of the month, Sarbox inspired some real subject-line howlers as companies that wouldn't know Section 404 from Formula 404 tried to jump on the bandwagon ("Our laser-printer cartridges make Sarbox documentation a snap!"). Some companies took the more savvy route and used "beyond compliance" as code for "possibly relevant, but we don't want to hitch our wagon to what may be only a shooting star."
They needn't have worried: Sarbox is a subject line with legs. As our inaugural "Survey Says" feature reveals, there is still plenty of angst and confusion surrounding compliance, and very little indication that things will magically resolve themselves once companies get that first audit under their belts. In fact, at least one CFO makes the case that the second year will be more difficult than the first (see "Sarbox Surprises").
We cover Sarbanes-Oxley in detail in both CFO and CFO IT because, while its raison d'être may lie in finance, its implementation depends very heavily on technology. More than half the respondents to our survey said one twist to Sarbox is that there really is no clear line between what constitutes financial controls and what constitutes IT controls. As CFOs and CIOs address the implications of that, we'll resign ourselves to a daily dose of Sarbox subject lines. Who knows, maybe the "beyond compliance" pitches will fade away first, replaced by unabashed appeals to the specific demands of these no-longer-new regulations. Raise your hand if you miss Y2K.