The Sarbanes-Oxley Act changed the face of IT security for publicly traded companies. But subsequent security developments and an increased business focus have engaged IT pros in compliance at organizations of all sizes.
Social and governmental forces have pushed IT compliance to the forefront of business during the past five years. Banks, hospitals and employers are supposed to be trustworthy fortresses of information, but as many people have found out, they sometimes aren’t.
With the passage of the Sarbanes-Oxley Act of 2002, more and more organizations turned their attention to IT compliance to ensure the security of private information. The main catalyst for Sarbanes-Oxley was the financial improprieties of major companies, including Enron, WorldCom and Tyco International. But the act tackles a host of issues related to corporate governance, financial disclosures and accountability of publicly traded companies.
Section 404 specifically relates to IT practices, calling for managers and an external auditor of the company to report on the capabilities of the company’s internal control over financial reporting. By far, it’s the most costly aspect of the legislation for companies to put into operation, as testing and recording important manual and automated financial controls requires enormous effort.
The act provides a benchmark for a total paradigm shift in IT compliance. Before 2002, enforcement of compliance depended on a loose consortium of laws and protocols. After passage of Sarbanes-Oxley, one all-encompassing act enforced compliance rigidly. Sarbanes-Oxley was a rock thrown in the IT pond, and ripples can still be seen…