First, Do No Harm:
Commentary from Gwen Thomas|
The Irony of Sarbanes-Oxley
The irony of Sarbanes-Oxley is that
what the SEC now demands is what good executives have been
asking for all along.
Every good leader wants to know
what their true numbers are and how their management team
knows those numbers are accurate. They need someone to monitor what IT systems
and processes touch the data that filters down to financial reports, and they
want to be assured that appropriate governance is in place for all those
systems and processes.
They want assurances that whoever is charged with
maintaining each and every system and process understands the consequences of this work
and is giving appropriate focus to it. Even with cut-backs, no executive ever
wanted to create accountability gaps. And good executives would always expect their management
teams to ensure no gaps were created, if only someone could accurately point
out potential gaps.
Good executives have always known that organizations need top-down governance
and accountability to ensure the quality of their numbers. They've always needed
to know when and why systems and processes change if those changes are going to
affect reports or the data in the reports. And to be agile and competitive,
they know that their staff must know where to find documentation, control records,
and other information needed to maintain and upgrade their systems.
So the real question is: Why did it take an Act of Congress
to focus attention on this?
The answer is simple to anyone who has worked in both the technology and business
sides of a company.
Anyone who has been in the trenches will tell you
that almost NO companies can answer all of these basic Who-What-When questions
to the level that the SEC and stockholders want.
So is Section 404 scary? Yes. But the reason isn't sexy or scandalous.
It's a classic Knowledge Management problem that organizations from
Homeland Security to plumbing supply stores are grappling with:
How do you reconcile top-down hierarchical management structures
with matrixed projects and with
data that flows through an entire enterprise?
Solving this problem - For Sarbanes-Oxley issues as well as so many others facing
organizations today - requires major adjustments to management strategies. And implementing
it requires new tactics. We have to be able to answer with certitude
questions such as Who owns the gaps in our processes? and Who's accountable for handoffs?
Luckily, these problems are solvable. We just have to be sure we're addressing the
root problems and not just addressing symptoms.
Gwen Thomas has been the Sarbanes-Oxley Practice Lead for CIBER, Inc.,a leading international systems integrato and is currently a principal for Data Governance, Inc.
A frequent speaker at industry conferences, she is known for helping IT and Business leaders demystify complex information problems while
applying standard, repeatable solutions. Write to her at [email protected].