Gartner: Sarbanes Struggle Continues

Despite receiving a reprieve from the Securities and Exchange Commission (SEC), data center managers and their IT departments still face an uphill task to meet the requirements of the Sarbanes Oxley Act (SOA), says analyst firm Gartner Inc.The SOA, passed in response to the scandals at Enron, WorldCom, et al, requires company managers to attest that they have established and maintain internal control over their companys financial reporting.

With so much of a company’s financial reporting tied to technology, the initial challenge for firms was getting specific information from a variety of sources within their IT infrastructures (see Gartner: Savor the Sarbanes Extension).

Although companies have now started to build the systems to access this data, they are coming up against other hurdles, according to Lane Lekela, research director at Gartner.

”We have clients that are getting exasperated because they have the controls in place, but they are not getting the level of understanding about the data they expect,” he says.Leskela believes that this stems from a lack of personnel skilled in both IT and compliance issues. These individuals can help firms interpret their data, and, if necessary, refine their IT systems to ensure that they meet the SOA requirements.

The Gartner executive also believes that, on current evidence, a number of firms will actually miss next year's compliance deadlines.

Section 404 of the SOA requires IT managers to report material changes to their firms' financial reporting processes. So, for example, a major software system update in a company’s IT infrastructure could now require more compliance paperwork from the IT department.

Leskela believes that firms on an accelerated track for making their systems SOA-compliant need to step up a gear. “There’s a lot of work that needs to be done,” he says. "The challenges that remain are organizational and communications-related.

”Some organizations still have the view that IT exists in tandem to the business -- but now the IT department and the finance department really need to communicate."However, there is some progress being made. “In some of the best cases, we have seen firms create their own internal compliance bodies to oversee Sarbanes Oxley." These are staffed by people with the requisite skills in both technology and auditing.

Companies on an accelerated filing schedule -- meaning firms with a $75 million-plus market cap that have filed at least one annual report with the SEC -- must comply with the act for their first fiscal year ending on or after November 15, 2004. The original deadline for accelerated filers had been June 15, 2004.

Companies on the non-accelerated filing track also received a boon from the SEC. They must begin to comply with requirements for their first fiscal year ending on or after July 15, 2005, a three-month extension on the original deadline of April 15 next year.

— James Rogers, Site Editor, Next-gen Data Center Forum