CMP Network Computing
Log In to Network Computing
   Techweb
 
Top 11 List Security Channel SpamOmeter Internet Threat Level
Live Lab Cams Storage Channel IT Pro Downloads Network Design Manual
 Site Map |  What's New |  Current Issue |  Past Issues |  Article Index |  Newsletters |  Content Feeds |  Subscribe
Welcome to Network Computing Networking News Product Reviews, Sneak Previews, Analysis Workshops, Primers, Tutorials Site Content According to Technology Covered Forums, Blogs, Opinions Site Tools for IT Professionals Centerfold Case Studies Interactive Buyer's Guides


IT Knowledge Made Simple
Stay on top of strategic IT infrastructure trends with our special IT StrategyCenter, powered by StudioOne Networks.
Regulatory Resource   Threat Intelligence      Resilient IT      Boardroom Strategies      
Boardroom Strategies / Peers and Superiors

Add Your Voice to the Compliance Team

By Elizabeth Wasserman

Thousands of large public companies were able to comply with Sarbanes-Oxley requirements in their annual reports recently thanks to the efforts of their information technology teams. But while IT is acknowledged as playing a crucial role in regulatory compliance, CIOs often find themselves without a seat at the table because ownership of the data originated in another department.

The paradox is that CIOs are tasked every day with knowing the information infrastructure underlying the business -- information that is vital for others in the organization in charge of compliance. IT tools can help company officials share and verify crucial data between internal and external auditors, finance managers, and business units before it ends up in financial reports. Such tools can also be deployed to automate what were once manual processes. For these reasons, the CIO is in the best position to improve compliance procedures throughout the organization.

As companies struggled to meet Sarbanes-Oxley deadlines in the last few years, they sometimes failed to realize the value of the CIO. A study released last year by the Hackett Group, an Atlanta-based business advisory firm, found that fewer than half of the CIOs interviewed were involved in the steering committees for Sarbanes-Oxley compliance.

"It was a wake-up call," said Beth Hayes, a research fellow at the Hackett Group. She said that some companies have since determined that IT participation is critical to successful Sarbanes-Oxley compliance and have brought CIOs into the fold -- but not all. The law requires not only that a company's financial reports be accurate, but that proper controls are in place so that the CEO and CFO know if the financials are inaccurate. As the CIO has responsibility for the management, operation, and acquisition of the IT systems that are at the core of a company's operations and financial management, it's only fitting that this official be part of the compliance team.

"It seems obvious that the CIO ought to be represented," said Ann Senn, global leader for CIO advisory services for Deloitte Consulting. "We have done a lot of work with compliance teams, and I can't tell you how often we have found that compliance teams -- a number of which are focused on financial controls -- deal with IT as one of the elements they have to go through and not as a core vocal member of the compliance steering team."

CIO representation is important in part because compliance teams often make decisions about priorities for future process improvements. A compliance team could make decisions that alter the IT operation's priorities, such as maintaining a secure and available information environment; or its ability to meet business goals. As a result, uninformed decisions could end up making compliance with regulatory mandates even more difficult. In other words, CIOs may lose control over the very thing it is their responsibility to maintain: IT.

"If you're not there, you are in a position of taking orders," said Senn. "You take orders and you do the best. But if you're taking orders, you're not making decisions. You're in the position of fulfilling the orders."

To prevent that scenario from occurring, CIOs need a game plan for proving themselves to other executives.

  • Be Proactive  Understand how IT can help the company meet compliance deadlines in a less painful and time-consuming fashion next time around. Outline your plan in a memo or request to make a presentation to the compliance team.


  • Demonstrate IT's Role  Establish usage rules and audit trails for every information system feeding financial data into reports. Actions speak louder than words. Impress the CFO and CEO with a track record of running IT as a business and being customer-service oriented.


  • Designate an IT Controller  Create a new position on your own staff for an IT Controller, the point person on compliance, risk management, vendor management, and security. This person will ensure that IT is not a risk factor in compliance and show other C-level executives that you take compliance seriously, according to the Hackett Group's Hayes. 


  • Court Your CFO and CEO  Your proven track record has earned their respect. You understand the issues. Now it's time to make your case for inclusion at the table to the executives who feel they have the most at stake. Show that you understand the concerns of the CFO and CEO, who face potential criminal penalties and fines if they sign false financial statements. Meet with them personally to outline your plan for how to make compliance easier from this moment forward.

If the CIO isn't a member of the compliance team, Senn said, he or she ought to at least have a "good counselor" who can make sure IT's voice is represented in discussions and report information from the meetings. That counselor can hold any position in the company, but it needs to be someone who can be frank about discussions and who knows something about the IT infrastructure and how technology can help.

Once the CIO wins a place on the compliance team, successful results could go a long way to winning more representation for IT at the executive committee level. And maybe even win the CIO a seat at that table.

Elizabeth Wasserman has written about technology and business for Inc., CIO Insight, and the San Jose Mercury News. She is a freelance writer based in Fairfax, Virginia.

IT Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

Articles by Topic
Initiatives
Peers and Superiors
Enterprise Smarts
Related Content

Features

View More


Metrics

View More

Fast Fact

Without a spot on the compliance team, CIOs may lose control over the very thing it is their responsibility to maintain: IT.
Sponsor Tools

White Papers

View More


Resources
Podcast Audio Content

CIO Strategy Center is now available in audio format.

This week's feature topic is:


CIO Interview: CIO of Port of Portland, Michelle Gaines
Playtime: 7 min 59 sec



Download | Subscribe

Copyright © 2008 Studio One Networks. All rights reserved.
Advertisement
Site Navigation
Home | Article Index | Newsletters | RSS Feeds | Site Map | IT Tools | Reviews | Technologies | Workshops/Tutorials | News | Forums/Blogs/Opinion | Bookstore | Jobs | RFP/RFQs | White Papers | Audio | Downloads | Editors | Webmaster | Sales and Marketing | Magazine Media Kit | Online Media Kit | Events | Reprints | Editorial Calendar
Technology News and Opinion
Small Business Pipeline | IT Utility Pipeline | Business Intelligence Pipeline | Desktop Pipeline | Compliance Pipeline | Server Pipeline | Storage Pipeline | Security Pipline | Mobile Pipeline | Linux Pipeline | Advanced IP Pipeline
Companion Sites
Independent Testing Services | Network Magazine | IT Pro Downloads | UnixWorld | Interactive Buyer's Guide | InternetWeek | InformationWeek | Transform Magazine | Pipeline Technology Sites | Intelligent Enterprise | TechWeb | Shop-Marketplace.com



TechWeb is brought to you by CMP Media LLC, Copyright © 2004
Privacy Statement | Terms Of Service