by Chris Koch

How to Get a Seat at the Sarbox Compliance Table

Jul 01, 2004 | 2 mins

Make compliance a formal project. If Sarbanes-Oxley is ad hoc, it will likely stay with finance, and the CIO is more likely to be presented with a list of demands for impossible work to be done under impossible deadlines.

Learn to speak CFO. Sarbanes-Oxley mixes IT controls with financial controls. The two functions use different languages to discuss and interpret controls. If you can’t speak CFO, find an interpreter.

Volunteer. CIOs who get out in front by volunteering their own time and project management expertise will have a bigger, more important role in the project and going forward.

Meet the auditors. CIOs need to understand financial controls as well as the finance people do. Arrange your own meeting with the auditors to learn their issues and to help them understand yours.

Meet the vendors. Head off the Sarbox software snake oil peddlers before they try to sell directly to the CEO or CFO. Then, when they do (and they will), you can offer an informed opinion.

Focus on value. If compliance is viewed as a way to improve the business, Sarbox can be a springboard to more important projects such as role-based portals or single-instance ERP consolidation.

Automate controls. Many financial controls are still manual. CIOs can add tremendous value by automating them and becoming their custodians.

Get help. Utilities have been laboring under Sarbanes-Oxley-style regulations for years. Reach out to a fellow CIO at a utility to ask for advice.