ccl : news & views

IT holds key to governances
08.04.2004 - IT WEEK

Upcoming revisions to European auditing rules could bring hard work for many IT departments

IT managers should plan now for tough new European regulations on financial accounting, experts warned last week. The new rules, currently being developed by the European Commission, could affect data storage, email management and archiving, as well as accounting systems.

Under the EC's proposed directive on auditing, published last month, firms could face tougher auditing requirements and stiffer penalties than those imposed by the Sarbanes-Oxley Act (SOX) in the US.
As a result, Mike Davis of analyst firm Butler Group said it would be dangerous for IT managers to ignore the European proposal. "They should definitely be doing something now. The EU is absolutely serious that we need to get our house in order, in light of [the] Parmelat [scandal]," he warned.

Under SOX, chief executives of US organisations, their UK subsidiaries and firms listed in the US are required to personally sign off financial statements and certify that accounts data is accurate. If irregularities are subsequently uncovered, chief executives can face prison terms of up to 20 years.

Davis said firms that have already implemented systems that comply with the US rules would be in a good position to meet future European regulations. "If you haven't [set up such systems], you'll be in for a big learning curve. You don't want your organisation to be made an example of with a prison sentence, as this has to happen to someone."

Areas that IT managers should assess include server and storage consolidation; email management; archiving policies; and information lifecycle management. "You can spend a lot on point solutions to ready systems, but what you really need is an IT architecture for dealing with compliance," said Davis.

IT managers who fail to plan ahead may appear unprepared once the EC directive becomes law. "In the past the focus of compliance has been on the finance department," said John Taylor, managing director at business performance management specialist Cartesis in the UK. "But the board will begin asking CIOs what they're doing to help the firm comply, as this area is so reliant on IT systems."

Company boards will expect more involvement from their IT departments to establish end-to-end auditing controls, Taylor predicted. "They'll want to know how they can be sure that data entered into an ERP [enterprise resource planning] system sees its way through to the legal reporting requirements," he added. "Finance can't do this on their own."

Even though many UK firms are not legally required to meet SOX-level auditing quality at present, Oracle's head of finance and compliance solutions in the UK, Michelle Maden, argued that meeting those standards could generate wider benefits. "The SOX act incorporates sound aspects of corporate governance," she explained..