One of the hottest topics of conversation here at the CIO 100 conference is Sarbanes-Oxley, the shorthand name for the U.S. Public Company Accounting Reform and Investor Protection Act of 2002. Sarbox, as it is affectionately known, is the most sweeping regulatory reform of publicly traded markets since the Securities and Exchange Act of 1934 and is designed to reduce fraud and conflicts of interest while increasing financial transparency and public confidence in the markets. It is a response to the sensational corporate fraud cases of Enron and WorldCom. But almost every CIO here at the symposium has yet to get his or her arms around exactly what role IT will play in helping their corporation comply with the law.
Most CIOs understand that auditors will be looking at the validity of a corporation’s data and that means the IT department must put in strong controls, says Jesus Arriaga, CIO for Keystone Automotive Industries.
CIOs understand their heads could very well be on the block if their corporation fails to comply. But the uncertainty of what is expected of them and the consequences — a pink slip? — has the talk heating up about Sarbox. “It’s a moving target,” said Buddy Cox, executive vice president and CTO for Southwest Bank of Texas. “We’re trying to find out where the watermark is so we can meet it.”
No CIO yet seems to have a strong opinion, or any opinion for that matter, on how to meet the law’s regulations. We’ll keep looking. Stay tuned.