With all of the business imperative projects that CIOs are currently running with their limited budgets, it may be hard to imagine that a larger, even more strategic project is being thrown their way. On top of everything else that they are doing, CIOs are being charged with helping their CEOs and CFOs comply with the corporate governance regulations in the Sarbanes-Oxley Act.
"The senior executives are very concerned" about the Sarbanes-Oxley Act (which requires CEOs and CFOs to "sign off" on financial statements), "because there is so much data that they will have to monitor to make sure the financial statements are accurate," says Beth Hardy, spokeswomen at ACL Services (Vancouver), a provider of business assurance solutions and financial auditing tools. "With one wrong move, the CEO could be on the six o'clock news."
So CIOs shouldn't be surprised when senior management begins to ask for a more detailed account of IT expenditures, as every internal cost will be under the microscope as CFOs work to make sure that financial reports are as accurate as possible.
While complying with the Sarbanes-Oxley regulations seems like a largely financial and business matter, IT can expect to be called upon-it if hasn't already been-to collect data from all parts of the company, compile it, disseminate it to the proper parties and even track the data's progress. "The CIO is going to deliver the technology that can pull the information together," says Jim Gahagan, vice president, financial services industry strategy, for PeopleSoft (Pleasanton, CA). "The IT organization has to deliver it and the CFO and CEO will be relying on it."
IT Steps Up
Although senior business executives may wait impatiently for consolidated and accurate financial numbers, they most likely will not understand the underlying technology, points out Daryn Walters, vice president for Handysoft (Vienna, VA), a provider of workflow solutions designed to help insurance companies comply with Section 302 of the Act (requiring companies to generate up-to-date, accurate reports on internal controls and financial statements to which CEOs and CFOs can attest) and Section 402 (requiring companies to establish internal controls that conform to standards). "The very senior-level financial executives do not care about process improvement," he says. "They care about results, and they will notice when efficiencies are gained in the reporting process," Walters adds.
However, points out Richard de Moll, vice president, financial services consulting, Cap Gemini Ernst & Young (CGE&Y, New York), senior business leaders may need some education when it comes to IT and reporting. "I don't think that CEOs and CFOs have a good understanding of what IT can help them do to comply," de Moll says. "CIOs need to do some research into the regulations so they can partner with the CFO and bring technology to solve some of the pains. This is something that financial audit committees will be interested in: 'What is the blueprint for the IT systems and the data structure?'"
Currently, many public insurers contacted by Insurance & Technology, including MetLife and John Hancock, preferred not to disclose what processes and technologies were in place to comply with Sarbanes-Oxley. Many companies are taking a wait-and-see approach. For example, The Harleysville Insurance Group, while currently preparing its systems and processes, is waiting for the final regulations to be announced before committing to a particular plan, according to a spokesperson.
Nationwide Financial ($91 billion in assets, Columbus, OH) has developed a Lotus Notes-based internal reporting and auditing system to track verification of financial numbers for the company's CEO and CFO. "It is my impression that we are far ahead of our competitors when it comes to internal auditing to comply with Sarbanes-Oxley," says Dennis Drent, vice president, internal audits, Nationwide Financial. "As soon as the law Section 302 was passed, we began to work on the system."
However, says CGE&Y's de Moll, waiting until the final regulations are announced to start developing a compliance process may be too late. "Many are complying manually," he says. "But over the next three years, the timeframe for quarterly reporting will shrink. CIOs need to bring an integrated view of financial data, along with internal controls and audits, to the CFOs so data can be verified quickly."
Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio