Ask the Expert

Convince management to spend for Sarbanes-Oxley

My compliance officer has been hounding me about Sarbanes-Oxley. How can I work with management to get the tools and resources I need to convince him to open up the purse strings a bit for new infrastructure?

    Requires Free Membership to View

Use Sarbanes-Oxley (SOX) compliance as an opportunity to solve additional problems, and to upgrade processes and infrastructure to meet other business objectives at the same time. The good news is that Sarbanes-Oxley is getting top management to pay attention to these issues!

Generally, a Sarbanes-Oxley compliance effort will start with a focus on processes and procedures, not infrastructure. But you may be able to make a good business case for upgrading infrastructure to support improved controls and reporting.

The SEC has established deadlines for certification of internal accounting controls, and this will motivate top management to pay attention to data retention, protection and integrity issues. The immediate focus will be improved control and certification of financial reports and audit results.

However, this review of processes and infrastructure should also address business objectives such as ensuring the confidentiality of corporate information assets, complying with evolving privacy laws, and reducing the costs of legal discovery.

Many firms will need to improve their retention and protection of audit-trail data, including supporting documents for business transactions. For example, many companies are focusing on e-mail archiving policy and infrastructure as one area that needs improved controls and infrastructure investment. But these considerations extend to other databases and document repositories as well. Over time, many firms will move to an enterprise data archive that centralizes policy-based management of electronic records from multiple applications. This will help them comply with multiple regulations, and reduce the risk of expensive legal discovery, with a cost-effective archiving infrastructure.

Ed note: If you would like to read additional compliance articles, opinions and expert advice, make sure to sign-up for our ALERTS on compliance. Click here to sign up. SearchStorage.com also offers alerts on low-cost storage.
Do you agree with this expert's response? If you have more to share, post it in one of our .bphAaR2qhqA^0@/searchstorage>discussion forums.


This was first published in November 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: