Four years after the Sarbanes-Oxley Act’s inception, corporate IT departments are having trouble catching up to their finance department counterparts. CEOs and CFOs have taken compliance issues very seriously, especially in the past few years, but their counterparts in the IT department aren’t able to effectively implement compliance technologies and policies because they don’t fully understand the most recent regulations, according to a recent survey of top-level executives.
Forty percent of the respondents said their IT executives’ knowledge about compliance is not up-to-date, according to a joint survey by trade group BPM Forum and compliance software maker AXS-One. That could leave their corporations stuck in quicksand if a federal agency requests electronic documents during an investigation. For example, nearly 41 percent said it could take them up to a week or more to find e-mails related to a specific transaction.
The compliance readiness survey of nearly 400 executives shows a disparity among departments and their leaders’ expectations. Nearly 30 percent of the IT executives surveyed said the “critical” issue of compliance at their companies lacks adequate resources. At the same time, 35 percent of chief executives don’t know how much of their IT budgets has been allocated to compliance-related technologies. And more than one-third of respondents don’t have a policy or technology system in place for dealing with a subpoena involving electronic records. Forty percent of those who do have policies for electronic records (such as an outline of how long e-mails are kept) said they are not effectively enforced.
The survey respondents—25 percent of whom are financial executives—worry about what effect their compliance systems will have on their companies’ future. Almost half said they are concerned that their corporations’ failure to effectively archive and manage all their electronic documents could be a “critical liability.”
What could help align financial executives’ priorities with their IT departments’? The usual answer: money. And companies seem willing to pay. Fifty-eight percent of the survey respondents said their IT spending will increase.
Another solution is increasing communication between the IT department and the managers dealing with compliance, such as a company’s general counsel or compliance officer, says Bill Lyons, CEO of AXS-One. The CIO needs to realize the entire scope of a company’s priorities or else the IT department will likely concentrate on just one aspect of compliance, he adds.
According to Lyons, when companies re-examine their policies and technologies relating to e-mail retrieval, they also need to consider all the other documents that could be asked for by a regulatory body, including instant messages, spreadsheets, PowerPoint presentations, and other company documents. Corporations need to be able to quickly grab any document related to an investigation in a matter of hours or days, not weeks or months.