TMCnet News
93% Of Corporate IT Executives Unaware of Their Sarbanes-Oxley Compliance Responsibilities, According to Recent Survey by Obian BURLINGTON, Mass. --(Business Wire)-- Sept. 30, 2004 -- Findings Suggest a Significant Percentage of Companies Likely to Fail 2004 Audit Because of Lack of AwarenessA recent survey by Obian, Inc. found that an astounding 93% of chief information officers and other senior IT executives were unaware of their information technology control assessment responsibilities as mandated under Section 404 of the Sarbanes-Oxley Act - a finding that suggests a significant percentage of companies will fail their 2004 corporate governance audit. "Given what's at stake, the lack of understanding of what companies must do to ensure compliance from an IT perspective is shocking - particularly since the deadline is just a few months away," said John Logan, Obian's founder and president and a 25-year veteran of the information technology industry. "We've found many executives who think they're sufficiently compliant, but they're not. They incorrectly think that by merely identifying and assessing the risk and control activities of their corporations' financial reporting systems - just as they did to meet the December 31, 2003 deadline for Section 302 compliance - that they'll meet the requirements of Section 404. "What they've failed to recognize is that 30-40% of a corporation's internal controls over financial reporting are information technology specific and that CIOs and other senior IT executives have a significant role in the process," he continued. "As a result, most corporate IT executives remain in the dark about their full responsibilities, even at this late stage, placing their companies at serious risk for failure. In fact, under the guidelines, if a company's CIO does not understand Sarbanes-Oxley Section 404 requirements, that alone demonstrates a deficiency in the control system." Sarbanes-Oxley requires issuers of financial instruments in the U.S. - including all public companies whose shares trade on U.S. stock exchanges - to identify their significant financial accounts, the business processes that support those financial accounts and the applications and IT systems that support those business processes. Companies must then document and test the adequacy and effectiveness of controls at the financial reporting level, the application level, the IT infrastructure level and the IT management level. The deadline for the majority of public companies for Section 404 compliance is December 31, 2004. Logan points out that there are significant consequences for failure. If material weaknesses are identified, management is obligated to disclose this information. In addition, the corporation's external auditor is required to independently test management's assertions - including those regarding IT controls - and issue an opinion. This attestation, including material weakness found during the audit, will appear in annual reports filed with the Securities and Exchange Commission by companies with fiscal years ending after November 14, 2004. "Part of the problem has been the vast confusion regarding exactly what is required," Logan continued. "While guidelines have been published, auditing firms are still interpreting them and building their own suite of even more detailed IT control tests. Companies would be foolish, however, to use this uncertainty as an excuse for inaction. "External auditors face serious ethical and liability issues if they do not perform a comprehensive and in-depth testing of a company's assessment efforts," he added. "Even though this is the first year in which an assessment of IT controls over financial reporting is required, no company should expect its external auditor to be lax in its reporting responsibilities to the company's shareholders." Obian has developed a comprehensive software framework for assessing and documenting the adequacy and effectiveness of a corporation's IT internal controls that support its financial reporting system and then expedite the collaborative remediation process for all identified deficiencies as mandated under Section 404. The framework is designed to conform to industry standards, yet is flexible enough to meet the specific needs of each organization's assessment, documentation and remediation processes. The survey was based on interviews with 286 CIOs and senior corporate IT executives. About Obian Founded by successful software industry veterans, Obian develops products and service offerings designed to improve the way corporate executives lead and direct their organizations during periods of rapid change. Founder and president John Logan is the author of the groundbreaking book, "Evolution Not Revolution: Aligning Technology with Corporate Strategy to Increase Market Value," which formed the intellectual basis for Obian's products and services. Chief operating officer T. Mark Morley has extensive management and financial background in high technology, having previously served as CFO at Encore Computer Corporation, (NASDAQ) and Iomega Corporation, (NYSE). A graduate of Boston College Law School and Harvard Business School, he previously worked as a CPA at Deloitte & Touche. Chief Technology Officer Peter Bohnert is a software engineering executive with a diverse background in Internet content delivery, Supply Chain Management, Enterprise Resource Planning and Change Management applications. Additional information is available at www.obian.com. |
