Vice President, Business Transformation and Customer Value
Xcel Energy Inc.
CIO Insight: Where did you begin?
Carlson: Before Sarbanes came onto our radar screen, in January 2003, we centralized our IT shop from six autonomous groups into one corporatewide IT-services group. When we got into the SOX details last fall, it was evident that consolidation was going to make compliance cheaper and easier. If we had those IT groups running their best-of-breed apps, you can imagine the amount of IT control complexity that would have had to be built. We weren't clairvoyant, but because we have a centralized model, we have been able to avoid some of the complexity and some of the risk.
But not all companies have a centralized IT department.
Yes, and there's justification for a more decentralized model when you have enough disparate business objectives. But I'd say that if a centralized IT model can support your business needs, you're much better off going that way.
How has the Act affected your budgets?
Well, it's definitely going to impact our portfolio. When we kicked off the compliance effort last November, it involved a group of about 20 people from finance and IT. But at our meeting in March, there were more than 100 people involved.
Do employees understand the importance of compliance?
I would say no, actually, not to the level that they need to. So we have an aggressive communication and training program attached to this. Though it's not a requirement under the act, we are rolling out a series of nine e-learning courses that are aligned with our ethics and code of conduct. Every employee will go through at least one, depending on his or her job. My IT group, for example, will get a much different training session than, say, our accounting group will. That rollout is a recognition process that's combined with a corporate communications program that includes a semi-monthly newsletter, monthly corporate briefings and an intranet site. In fact, if you walk through any of our buildings right now, in every elevator and at every employee entrance you'll see something about Sarbanes-Oxley.
That's a major investment in communication.
When we started breaking all of this down, we realized that compliance goes all the way to the front lines of our company. We have 11,000 employees, and our revenue is made up primarily of monthly meter reads. That can mean anything from a computer collecting that data to a person physically checking it and writing it down. One way or another, everyone has a role in compliance.