The Sarbanes-Oxley Act and its associated compliance requirements are relatively new regulations in the business world, coming into effect in 2002. The scandals that were the impetus for the law, such as the Enron saga, led lawmakers to develop strict rules that apply to a wide variety of businesses both public and private. Complying with these rules isn’t an easy task for the uninitiated, and it only becomes more difficult the larger a business is. And, as SearchCIO pointed out, the SOX regulations have a heavy impact on two parts of organizations that may or may not not have a particularly strong working relationship: the IT department and financial professionals, including accountants and many others.
“Consistent, strong and proactive data governance goes a long way toward meeting the many SOX requirements.”
The importance of IT
Had SOX passed 50 or 75 years ago, the recordkeeping process – the aspect most tied to a modern company’s IT staff – would have involved a lot of duplication, paperwork and filing but little else. The current era of business demands a different style and approach, however. Consistent, strong and proactive data governance goes a long way toward meeting the many SOX requirements. Because SOX only legislates the types of records required for retention and the period over which they must be kept, businesses need to both develop and implement an effective strategy for holding onto these important documents and retrieving them. The IT department is critical to the success of retention strategies, but this important need may be overshadowed by the financial components of the law.
The role of data governance and a holistic strategy
Using a holistic approach to information management – in other words, data governance – can provide major benefits in terms of SOX compliance. When organizations fully integrate the IT team as a part of the larger business organism and treat it as an asset, as opposed to the traditional strategy of setting IT off in its own sphere, they can more fully integrate operations and get everyone involved with compliance projects on the same page. Full integration of the IT department into a company is especially helpful when a strategy needs changing or systems related to records management and data archive solutions require expansion or updates.
A company on the same page in terms of SOX compliance has much better prospects for success. SearchCompliance reported that projections indicate a need for 100 times the amount of SOX-related data storage in 2020 as compared to 2009. IT departments will lead the charge in implementing the beneficial technologies that aid in SOX compliance and will play a role in policy development as well. With that in mind, it’s easy to see how a data governance strategy improves such efforts. Because the IT team is more fully integrated into overall operations, they’re better able to communicate, offer advice, troubleshoot and plan for the future. With the amount of SOX-eligible data growing each day, it’s crucial to both holistically include the IT department in regulatory efforts and use the best possible tools and platforms to effectively and securely manage that information.