93% Of Corporate IT Executives Unaware of Their Sarbanes-Oxley Compliance Responsibilities, According to Recent Survey by Obian.BURLINGTON, Mass. -- Findings Suggest a Significant Percentage of Companies Likely to Fail 2004 Audit Because of Lack of Awareness A recent survey by Obian, Inc. found that an astounding a·stound tr.v. a·stound·ed, a·stound·ing, a·stounds To astonish and bewilder. See Synonyms at surprise. [From Middle English astoned, past participle of astonen, 93% of chief information officers and other senior IT executives were unaware of their information technology control assessment responsibilities as mandated under Section 404 of the Sarbanes-Oxley Act See SOX. - a finding that suggests a significant percentage of companies will fail their 2004 corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. audit. "Given what's at stake, the lack of understanding of what companies must do to ensure compliance from an IT perspective is shocking - particularly since the deadline is just a few months away," said John Logan, Obian's founder and president and a 25-year veteran of the information technology industry. "We've found many executives who think they're sufficiently compliant, but they're not. They incorrectly think that by merely identifying and assessing the risk and control activities of their corporations' financial reporting systems - just as they did to meet the December 31, 2003 deadline for Section 302 compliance - that they'll meet the requirements of Section 404. "What they've failed to recognize is that 30-40% of a corporation's internal controls over financial reporting are information technology specific and that CIOs and other senior IT executives have a significant role in the process," he continued. "As a result, most corporate IT executives remain in the dark about their full responsibilities, even at this late stage, placing their companies at serious risk for failure. In fact, under the guidelines, if a company's CIO CIO: see American Federation of Labor and Congress of Industrial Organizations. (Chief Information Officer) The executive officer in charge of information processing in an organization. does not understand Sarbanes-Oxley Section 404 requirements, that alone demonstrates a deficiency in the control system." Sarbanes-Oxley requires issuers of financial instruments in the U.S. - including all public companies whose shares trade on U.S. stock exchanges - to identify their significant financial accounts, the business processes that support those financial accounts and the applications and IT systems that support those business processes. Companies must then document and test the adequacy and effectiveness of controls at the financial reporting level Reporting Level A level of ownership of a specific futures position wherein the holders exceed the stated amounts and are required by the CFTC to submit daily reports. Also known as reporting limit. , the application level, the IT infrastructure level and the IT management level. The deadline for the majority of public companies for Section 404 compliance is December 31, 2004. Logan points out that there are significant consequences for failure. If material weaknesses are identified, management is obligated ob·li·gate tr.v. ob·li·gat·ed, ob·li·gat·ing, ob·li·gates 1. To bind, compel, or constrain by a social, legal, or moral tie. See Synonyms at force. 2. To cause to be grateful or indebted; oblige. to disclose this information. In addition, the corporation's external auditor is required to independently test management's assertions - including those regarding IT controls - and issue an opinion. This attestation, including material weakness found during the audit, will appear in annual reports filed with the Securities and Exchange Commission by companies with fiscal years ending after November 14, 2004. "Part of the problem has been the vast confusion regarding exactly what is required," Logan continued. "While guidelines have been published, auditing firms are still interpreting them and building their own suite of even more detailed IT control tests. Companies would be foolish, however, to use this uncertainty as an excuse for inaction. "External auditors face serious ethical and liability issues if they do not perform a comprehensive and in-depth testing of a company's assessment efforts," he added. "Even though this is the first year in which an assessment of IT controls over financial reporting is required, no company should expect its external auditor to be lax in its reporting responsibilities to the company's shareholders." Obian has developed a comprehensive software framework for assessing and documenting the adequacy and effectiveness of a corporation's IT internal controls that support its financial reporting system and then expedite the collaborative remediation process for all identified deficiencies as mandated under Section 404. The framework is designed to conform to industry standards, yet is flexible enough to meet the specific needs of each organization's assessment, documentation and remediation processes. The survey was based on interviews with 286 CIOs and senior corporate IT executives. About Obian Founded by successful software industry veterans, Obian develops products and service offerings designed to improve the way corporate executives lead and direct their organizations during periods of rapid change. Founder and president John Logan is the author of the groundbreaking book, "Evolution Not Revolution: Aligning Technology with Corporate Strategy to Increase Market Value," which formed the intellectual basis for Obian's products and services. Chief operating officer Chief Operating Officer (COO) The officer of a firm responsible for day-to-day management, usually the president or an executive vice-president. T. Mark Morley has extensive management and financial background in high technology, having previously served as CFO See Chief Financial Officer. at Encore Computer Corporation, (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on ) and Iomega Corporation, (NYSE NYSE See: New York Stock Exchange ). A graduate of Boston College Law School and Harvard Business School Harvard Business School, officially named the Harvard Business School: George F. Baker Foundation, and also known as HBS, is one of the graduate schools of Harvard University. , he previously worked as a CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. at Deloitte & Touche. Chief Technology Officer Peter Bohnert is a software engineering executive with a diverse background in Internet content delivery, Supply Chain Management, Enterprise Resource Planning See ERP. (application, business) Enterprise Resource Planning - (ERP) Any software system designed to support and automate the business processes of medium and large businesses. and Change Management applications. Additional information is available at www.obian.com. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion