US provides compliance lesson for UK managers

Nick Huber

IT directors could be forgiven for dreading the words "corporate governance and compliance".

The past few years have seen a slew of regulations - including Sarbanes-Oxley, International Accounting Standards and the forthcoming Basel 2 - that have significant implications for IT systems. They require IT directors to pull together data from scattered systems and check their accuracy. Failure to supply adequate information to meet the regulations could lead to prosecutions resulting in substantial fines or imprisonment.

At a discussion earlier this month, set up by Organisation and Technology and Research, David Spinks, director of operational risk at software supplier EDS, suggested practical ways to ease the pain of compliance projects. He said UK companies should learn from the experience of US firms, which he claimed had underestimated the amount of work needed to comply with the Sarbanes-Oxley legislation.

"Companies have not given themselves enough time or resources to comply with Sarbanes-Oxley," said Spinks, who worked in the UK nuclear industry assessing risk before he joined EDS.

He advised IT directors to look for the overlap between compliance projects to avoid running numerous separate projects. "The biggest thing you can do is go to the board and say please can we do [compliance] in one project," he said.

He recommended that firms use industry standards Coso (Committee of Sponsoring Organizations of the Treadway Commission) and Cobit (Control Objectives for Information and Related Technology) to assess business risks to help them manage their compliance projects.

