Expect "Drama and Churn" in IT Departments to Comply with Sarbanes-OxleyApril 20, 2004
Most discussions about the Sarbanes-Oxley Act and the Public Company Accounting Oversight Board (PCAOB) focus on auditing and accounting functions. But "It is the internal controls that go on behind the scenes that make sure of the integrity of a company's financial statements," said Stacey Hamaker of Shamrock Technologies.
A panel of experts discussed the implications of the Sarbanes-Oxley Act on IT professionals last week at the Baylor's Hankamer School of Business. Donna Hutcheson, Principal of the XR Group, specialists in IT management, served as the moderator for the panel. Students, faculty, staff and IT professionals from the community attended the event.
How important is it for companies to comply with the Sarbanes-Oxley Act? "It's much more important now because CEOs and CFOs can go to jail if they don't comply," said David Cargile of Protiviti Independent Risk Consulting.
"There will be a lot of drama and churn this year as companies realize that IT application controls are becoming increasingly important," claimed W. Austin Hutton of Shamrock Technologies. Hutton said that any coding done for applications that touch a company's financial systems will require documented internal controls.
"80% of controls are now manual," said David Vincent, KPMG. "IT needs to enable these processes to become automated."
Added Hutton, "Companies are relying completely on the IT industry to comply with Sarbanes-Oxley. Some controls cannot be manual. Few IT professionals understand control theory and internal auditing structure. This will be the hottest need in the next five years."
And the future holds more of the same, said panelists. "We are just in Phase I of the PCAOB guidelines," said Vincent. "Even state governments are looking at applying some parts of the Sarbanes-Oxley model to their internal systems."