The Sarbanes-Oxley Act of 2002 was intended to clean up corporate finance, but as an unintended side effect it has also revealed widespread problems with corporate information technology systems, according to a report surveyed companies that are complying with Sarbanes-Oxley requirements.
The survey, conducted by CFO publishing, finds out that 94% of the responding companies that completed a Sarbanes-Oxley audit said they had uncovered deficiencies in their IT systems, 75% said they feel that regulators have not done an adequate job in describing what constitutes adequate IT controls.
In addition, 50% expressed doubts about auditors´ judgments as to whether the IT systems that all companies rely on have been properly designed and documented to meet the new requirements set forth in Section 404 of Sarbanes-Oxley, often cited as the most vexing, costly and time-consuming subset of the new regulations.
Further more, the survey reveals that 52% said there is no clear line between financial controls and IT controls, 50% either have or will buy special software designed to address compliance requirements.
“We´ve heard doubts and complaints about this issue for two years,” says Scott Leibs, editor of CFO IT, “but the actual scope of IT-related deficiencies, and the levels of misgiving and frustration expressed by our readers, has exceeded the anecdotal griping by a wide margin.”
Chief financial officers (CFOs), already faced with huge expenses in meeting core Sarbanes-Oxley requirements regarding financial reporting, are not happy about the time and energy their companies must devote to related IT issues, and question both the relevance and expertise of those involved in making and enforcing the new rules.