News

IT looks the weak link in compliance

Nick Huber
IT systems could be the weak link in an organisation's compliance projects, according to Ernst & Young.

The professional services firm found that more than 40% of large US companies surveyed had discovered "significant weaknesses" in the IT systems underpinning projects to comply with the Sarbanes-Oxley regulations on corporate governance.

Sarbanes-Oxley, which comes into force next April for UK firms listed on US stock exchanges, will require companies to link financial reporting systems in different offices and subsidiaries.

Section 404 of the Sarbanes-Oxley Act 2002 requires listed companies to report on the effectiveness of their internal controls, such as rules embedded in IT systems or financial safeguards.

IT problems highlighted by the Ernst & Young survey included controlling employee access to sensitive financial information and IT security.

"Management should not underestimate the IT implications of Sarbanes-Oxley and the volume of work this requires from the typical IT department," said Erol Mustafa, partner at Ernst & Young. "Businesses often fail to understand fully how their IT systems actually control business processes. Documentation and testing of these controls is critical, and documentation that already exists often does not reflect the reality."

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy