Are You Making SARBOX Work Overtime?
(Or Is It the Other Way Around?)

As Senior Advisor to the CEO, Dave focuses on key projects important to PMI’s mission and community. Prior to that, as Chief Strategy & Growth Officer for PMI, Dave collaboratively defined and drove the execution of the Institute's strategy to create exponential growth in relevance and impact. Working globally, across the organization to define, test, and deliver "new products that matter," which will deliver dramatic increases in value to our customers.

  Governance   Strategy  

We’re well into 2005, and many companies are still not complying with all of the requirements of Sarbanes-Oxley. It’s a tough job, but as an IT Strategist you need to know that you’re doing all you can to make that compliance help further the goals of the business, rather than hinder progress.

We recently spoke with Moira Berman, a prominent compliance and governance consultant. As an independent consultant, Moira has assisted companies in both the public and private sectors with business and IT strategies and implementations. Currently she is assisting public companies with Sarbanes-Oxley IT compliance initiatives: managing the project, developing the documentation, carrying out testing, mentoring colleagues and developing templates for use in the Sarbanes activities.

gantthead: In general, how would you characterize the role of IT management in complying with Sarbanes–Oxley? What should we be looking to achieve in spirit? Should it be an active role or more of a supporting role?

Moira Berman: Definitely an active role. IT cannot think of itself purely as supporting a few Finance identified controls, and IT cannot simply react to the controls that Finance identifies as having an IT component. For example, Finance may identify that the security groups in the ERP system need to be updated to support separation of duties. IT must …

Please log in or sign up below to read the rest of the article.