ITXPO : Sarbanes-Oxley Increases IT Spending

The Sarbanes-Oxley Act has increased IT spending for most companies,but firms that have built processes to handle compliance issues may bebetter equipped to meet any new federal regulatory burdens, accordingto IT executives at Gartner Inc.’s ITxpo in Orlando.

Compliance burdens posed by Sarbanes-Oxley have proved costly for IT,according to Gartner, which estimates that the federal requirementshave raised IT spending in areas such as records management, increasedsecurity, and tools and new IT processes needed to ensure accuracy offinancial records.

For Eaton Corp., a manufacturer of electrical components, regulatorycompliance issues have boosted IT spending by about 1 percent, or aboutUS$3 million. The company spends about $300 million on IT each year,according to Robert Sell, vice president and CIO at the Cleveland-basedcompany.

Citing state and federal lawmaker interest in the privacy issues,Gartner analyst John Bace said it’s possible that California’s privacylaw — which requires customer notification in the event of a breach ofpersonal information — may yet result in a new federal privacy lawwith Sarbanes-Oxley-like auditing requirements.

If that happens, Sell said his strategy will be to leverage processesthat were set up to ensure Sarbanes-Oxley compliance. Sell, who servedon a panel with other senior IT executives, now has one office managingIT issues associated with that law in addition to intellectual propertyprotection and privacy issues. “We are going to leverage the people andresources across those disciplines,” he said.

Other IT executives agreed that the corporate response needed forSarbanes-Oxley compliance is giving companies the organizational,governance and educational framework they may need to deal with futurecompliance issues.

Gint Dargis, vice president and CIO at Richardson Electric Ltd. inLaFox, Ill., said his firm has the ability “to scope out what’s theimpact to the company” if any new requirements arrive,

Moreover, regulations “are coming together — these things are notgoing apart,” said Jim Magliano, senior IS director at WestPharmaceutical Services Inc. in Lionville, Pa. Magliano said many ofthe requirements that apply to Sarbanes-Oxley also involve healthregulatory-related issues, such as the Health Insurance Portability andAccountability Act.

The one thing companies can’t do is treat the regulatory requirements lightly, warned panel members.

From a corporate board perspective, it’s important to ensure that topexecutives take compliance “seriously enough,” said Ken Coleman,chairman and CEO of ITM Software Corp., a business management toolscompany based in Mountain View, Calif. He said there is a tendency inmanagement not to devote enough staff to a problem.

“This is superimportant,” said Coleman. “The consequences are significant.”

But Sell also said that helping a company meet its regulatoryrequirements is something IT leaders should step up to. “What a greatopportunity — especially for people in IT — to demonstrate some ITleadership,” he said.

By Patrick Thibodeau – Computerworld (US online)