The law's requirements for financial auditing and regulatory compliance have made IT systems more visible to top executives and integral to core business processes. Paul Sarbanes and Michael Oxley have left Congress, but they’re never far from the thoughts of CIOs responsible for making their companies’ financial systems produce accurate data. Everyone’s favorite kvetch is the high cost to comply with the Sarbanes-Oxley Act of 2002, but now chief information officers are, in some ways, better off. MORE ON Sarbanes-Oxley Compliance: The Sarbox Conspiracy IT Gets Micromanaged Under Sarbanes-Oxley CFOs: Sarbanes-Oxley Costs Dip For the past five years, CIOs have dealt with being micromanaged by colleagues outside of IT and suspected a conspiracy by CFOs to undermine them. They’ve been inundated by vendors with fabulous claims of compliance-in-a-box and have listened to former Federal Reserve chairman Alan Greenspan decry Sarbanes-Oxley as a “nightmare” that should be rewritten. But looking back, the rules that Sarbanes, a former Senate Democrat from Maryland, and Oxley, a former Republican representative from Ohio, wrote to make U.S. companies more accountable for their financial data also have lifted the career trajectories of some CIOs, says Lee Dittmar, a principal at Deloitte Consulting who oversees enterprise governance.Yes, Dittmar says, Sarbanes-Oxley burdened technology departments by forcing, for example, more detailed reporting about how software projects affect a company’s financial data. IT also has to work side by side with internal and external auditors, as well as with the finance group, to identify how their companies handle accounting data electronically and manually, then tighten those processes to prevent fraud. “It has been painful,” he says. For many companies, documenting, testing and maintaining financial controls to the extent required by the legislation was a major change from past practice, he says.But because technology enables the production of nearly all of the financial information under scrutiny, he says, now senior executives see that “what happens in IT is strategic.”As companies have struggled to understand and then follow Sarbanes-Oxley, CIOs have had the chance to talk with senior executives specifically about how IT affects the business, says Patty Azzarello, a CIO careers consultant in Palo Alto, Calif. “This conversation in many cases opened the door for CIOs to get more airtime in budget and planning discussions, which is vital if they want to have an impact on corporate strategy.”The cost of complying with Sarbanes-Oxley depends on how complex your company is—multiple lines of business? global offices?—and how badly financial data was monitored historically. But generally, the amount of money spent per year on adhering to the regulations has been declining, according to a recent survey from Financial Executives International (FEI), a professional association in Florham Park, N.J.Total average cost for a company to comply with Section 404—which governs internal controls—was $2.9 million last year, down 23% from 2005, FEI found. At American International Group (AIG), the cost of complying with Sarbanes-Oxley is a perpetual discussion, says Anders Land, vice president of Internal Control in the comptroller’s unit at the $113 billion New York insurance company.But, Land estimates, AIG spends 30 percent to 40 percent less now per year than it did in 2003, when it embarked on compliance, because creating and maintaining clean controls of financial data is becoming embedded in people’s everyday work.When companies started Sarbanes-Oxley work five years ago, they hired external consultants and auditors to do it for them. But now that procedures are in place, companies are embedding at least some of that work into the jobs of their own people, Land says.“Instead of having a defined number of consultants doing the project, it becomes 10 percent of an internal employee’s work,” he says. So it’s now harder to say what’s a Sarbanes-Oxley cost and what isn’t, he says. “That’s positive. It means the performance of good, effective controls is part of company culture, and that’s the whole purpose of the law.” Tom Basilo has little sympathy for executives unhappy with Sarbanes-Oxley costs. Basilo, CEO and chairman of WithumSmith+Brown Global Assurance, a Sarbanes-Oxley consulting firm in Princeton, N.J., says the regulations set out to restore public confidence in U.S. companies after the accounting scandals at Enron, WorldCom, Tyco and others.And it worked, he says.“Last year, we had record investment in U.S. stock markets and this year we’ll probably have another record,” he says. “Good, strong companies are staying here and doing quite well.”To companies that complain about Sarbanes-Oxley costs, Dittmar, at Deloitte, likes to lob a hypothetical: “Compare the total cost of complying, all-in, and the total compensation of the CEOs complaining about the cost of complying,” he says. “Which is bigger?”Of course, CIO compensation doesn’t compare to the multimillion-dollar packages that chief executives get. But some top technology leaders at the biggest U.S. companies also receive hefty stock and options awards.Ditmar’s advice: “Stop complaining, because [without Sarbanes-Oxley] your options wouldn’t be worth anything because your company wouldn’t be worth anything.” Related content BrandPost Leadership superpower: Succeeding sustainably As today's great leaders recognize, true success is not solely measured by the bottom line but also by the impact a business has on its stakeholders, including employees, partners, and the environment. By Marie Kalliney, Practice Leader, Digital Transformation Services, Broadcom Mar 28, 2023 5 mins IT Leadership BrandPost Helping the C-suite leverage their network as a business-boosting asset By Tanya O'Hara Mar 28, 2023 3 mins IT Leadership Opinion 5 hard questions every IT leader must answer Strong leadership is vital to IT success — and shouldn’t be taken for granted. Continual self-reflection is essential for knowing whether it’s time to restructure your approach to leading IT. By Thornton May Mar 28, 2023 5 mins Business IT Alignment IT Leadership Feature CIOs address the impact of hybrid work Assessing how some of the most progressive CIOs strive to provide both technological and emotional support for a dispersed workforce. By Pat Brans Mar 28, 2023 8 mins CIO Remote Work Employee Experience Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe