To its credit, Blue Rhino's Sarbanes-Oxley compliance efforts are already far enough along to justify its doubts about the act's impact. While every public company has to comply with the new law, many of them, especially those with fiscal years ending on Dec. 31, put off tackling the regulations until the beginning of 2004, because that gives them 12 months to conform. For some companies, starting this late isn't a problem, says Rich Mogull, an analyst at Gartner Inc. "Most financial services firms can reconcile all of their accounts in 30 minutes after closing. So they're used to documenting everything they doas are other forward-thinking established companies," he says.
The same cannot be said of many older companies that have never fully automated, or even linked, their financial systems, which have too often been put together piecemeal, over decades. Likewise, many newer companiesthose that have grown through lots of acquisitions, say, or where there has been a culture of speedare finding that they, too, face a larger job than they had anticipated when they try to integrate and put adequate controls on what had been a loose set of operations.
In such cases, this task frequently falls to the CIO. While an organization could, at least theoretically, document financial operations manually, or rely on existing soft- ware to create the necessary controls, many companies are seizing on Sarbanes-Oxley as an opportunity to streamline and corral their networks, and to create better reporting mechanisms that improve efficiency throughout the organization. Business-process-management softwareprograms that oversee and integrate the operations of large separate applications, such as ERP and CRMis often chosen as a way to fulfill that goal relatively inexpensively. According to Gartner, the software companies that have the most to gain are FileNet Corp., Metastorm, Pegasystems Inc. and Staffware.
"In complying with Section 404, companies are realizing that they need other improvements in their financial systems," says Diane Wolff, president of the Blue Sage Group, a Canton, Mass.-based consultancy that advises on Sarbanes-Oxley issues. "Do they need specific software programs for revenue recognition? Do they need to update their financial systems? Do they need to link disparate financial operations so that where the data comes from, and what it means to the performance of the organization, is transparent? They're looking at how to take all of the manual financial processes based on Excel spreadsheets they've got in their different divisions and put them into an automated system. There is going to be more indirect pressure on CIOs and IT organizations to solve business problemsdata flow problemsthan to solve compliance."
The Role of Standards in Cloud Security
Security is often cited as a primary cause for concern...Watch Now
Ensuring Resources for Mission Critical Workloads
Application workloads can thrive in cloud environments,...Watch Now
Improving Security in the Public Cloud
One of the main concerns about moving data to a public...Watch Now