Nearly Half May Not Make Second Sarbanes-Oxley DeadlineBy John Hazard
Forty-five percent of U.S. IT executives responding to the survey by instant messaging security vendor Akonix Systems Inc. said their companies were unprepared to meet the message retention requirements in the federal regulations governing corporate information.
Twenty-nine percent of the 157 respondents to the August poll said they felt they would be able to meet the deadline for archiving messages, while a further 26 percent said they did not know.
Those companies were granted an extension beyond the law's original July. 15, 2005, deadline and have until July 15, 2006, to comply with the message retention aspects.
The looming deadline for Sarbanes-Oxley presents a sales opportunity for VARs able to provide simple, cost-effective solutions to store, archive, index and retrieve e-mail and instant messages, said Don Montgomery, vice president of sales at Akonix.
"Nationwide you might be talking about 10,000 companies that are legally required to meet this deadline," Montgomery said. "Beyond that, you're talking about another 190,000 [businesses] or so, who might not be publicly traded, but need to think about at least some aspects of SarbOx because of the industries they're in or the businesses they work with."
Additionally, federal regulations such as HIPAA and the Patriot Act require message storage and retrieval functions, he said.
Respondents cited cost as the biggest hurdle on the road to compliance, Akonix said in a release.
U.S. businesses will spend an estimated $5.8 billion in 2005 to upgrade technology and expand storage capacity to adhere to Sarbanes-Oxley, according to AMR Research.
Even with the deadline looming, the pace of compliance is unlikely to pick up, Montgomery said.
"What you're likely to see is a gradual climb in spending as companies comply to what they must, when they must," he said.
"This isn't Y2K. The deadline has been a moving target; not so hard and fast and as specific an IT challenge as Y2K. There is some room for interpretation about certain aspects, like producing communications in a timely fashion."
Sarbanes-Oxley regulations, passed in the wake of corporate scandals and fraudulent accounting practices, require publicly traded companies to undergo an annual evaluation of internal controls and procedures for financial reporting.
Sarbanes-Oxley regulations, passed in the wake of corporate scandals and fraudulent accounting practices, require publicly traded companies to establish internal controls and procedures for reporting and responding to financial data.
Any messages and records, including e-mail and IM, that may affect financial decisions or public disclosures must be available for review by the company's key decision makers. The law dictates those records and messages by logged, archived and available for review. Annual audits will be conducted to determine compliance.
Failing to meet the corporate accountability deadline can mean fines for the business and jail time for corporate executives and officers.