My compliance officer has been hounding me about Sarbanes-Oxley. How can I work with management to get the tools and resources I need to convince him to open up the purse strings a bit for new infrastructure?
Use Sarbanes-Oxley (SOX) compliance as an opportunity to solve additional problems, and to upgrade processes and infrastructure to meet other business objectives at the same time. The good news is that Sarbanes-Oxley is getting top management to pay attention to these issues!
Generally, a Sarbanes-Oxley compliance effort will start with a focus on processes and procedures, not infrastructure. But you may be able to make a good business case for upgrading infrastructure to support improved controls and reporting.
The SEC has established deadlines for certification of internal accounting controls, and this will motivate top management to pay attention to data retention, protection and integrity issues. The immediate focus will be improved control and certification of financial reports and audit results.
However, this review of processes and infrastructure should also address business objectives such as ensuring the confidentiality of corporate information assets, complying with evolving privacy laws, and reducing the costs of legal discovery.
Many firms will need to improve their retention and protection of audit-trail data, including supporting documents for business transactions. For example, many companies are focusing on e-mail archiving policy and infrastructure as one area that needs improved controls and infrastructure investment. But these considerations extend to other databases and document repositories as well. Over time, many firms will move to an enterprise data archive that centralizes policy-based management of electronic records from multiple applications. This will help them comply with multiple regulations, and reduce the risk of expensive legal discovery, with a cost-effective archiving infrastructure.Ed note: If you would like to read additional compliance articles, opinions and expert advice, make sure to sign-up for our ALERTS on compliance. Click here to sign up. SearchStorage.com also offers alerts on low-cost storage.
Do you agree with this expert's response? If you have more to share, post it in one of our .bphAaR2qhqA^0@/searchstorage>discussion forums.
This was first published in November 2003