After Enron, documents must be unshreddable

Corporate governance has rightly shot up the agenda since the Enron and WorldCom scandals. CEOs, CFOs, auditors and others, are going to have to move more carefully in future. But so far, very little has been said about the implications for IT -- which is a shame, because those implications could be very interesting.

This summer, the Sarbanes-Oxley Act (HE.3763) came into force in the US, a piece of legislation designed to put corporations under scrutiny. Large companies' audits are subject to a new special-purpose regulator. It has become a crime to destroy or conceal relevant documents -- and like other white-collar crimes, this one could now incur a ten-year jail sentence and a fine.

The Securities and Exchange Commission has put together rules to implement the Act's provisions, and IT managers had better start paying attention, because it will affect the way they have to handle documents.

But, you say, this is US law -- why should we worry? Because of globalisation. The Sarbanes-Oxley Act proposes that European accounting firms involved in any part of the auditing of US companies' accounts should be subject to scrutiny by the new board.

The outspoken Frits Bolkestein, European commissioner for the single market, is fighting to protect European companies from what he sees as an over-reaction. The Act has been "drafted in a rush", he said in the Financial Times. Mr Bolkestein favours guidelines, not rules. He thinks the way things work now hasn't been so bad.

Whatever the outcome of the political discussions, we had better keep our eyes on Sarbanes-Oxley and its implications. The general interconnectedness of business is sure to spread the new, tighter business practices from the US to Europe, whatever the letter of the law says we are required to do. The SEC believes that any company that files reports to it must comply with Sarbanes-Oxley.

To protect your company from inadvertently breaking the law (or from individuals deliberately doing so) IT managers will have to be sure they can help executives produce any documents that are required. This means that documents must be easily findable, and some of them will have to be unshreddable.

This, in turn means that some companies in what used to be called "document management" are enjoying small gains in share prices.

"Companies are fearful of being Enronned," Dave DeWalt, chief executive of Documentum, said to me a few weeks back. He is clearly gearing up to capitalise on what could turn out to be a new spur to get people to buy his products.

In the past, document management has been one of those IT areas, like ERP, CRM and so forth, that needs a redefinition every now and again, to persuade people it is new and exciting. Suppliers in the field have just finished re-styling themselves as "enterprise content management" companies, in an effort to jostle their way to the top spot in Web-based corporate intranets -- and convince us that the Web does not sideline their activities.

Now, the Enron scandal has reminded us of the importance of ordinary, honest-to-goodness documents, and their vulnerability in paper form. As documents get migrated into digital form, it can make it much easier to change and destroy them, but it can also make it harder to be sure that a document is gone -- how do you know all copies are deleted?

De Walt and his rivals in the field have systems that manage documents electronically. They have always offered compliance to regulations, but now these are being stepped up, it will make their products far more attractive.

Documentum has bought four companies this year, the latest being electronic records management company TrueArc (ERM? Sounds like another word for database to me). IBM has made a similar acquisition, of a company called Tarian. These companies also have so-called "digital preservation", which registers and stores records in a manner of which Sarbanes-Oxley would approve.

The document companies also talk up positive benefits of course. Collaboration is growing, and this means sharing information quickly between people in different companies. And they have always had a big (and slightly lame) riff about unstructured data, which tries to convince us that we need to take absolutely anything anyone in the company touches or utters, and shove it into a massive and fully indexed repository, just in case someone wants to look at it sometimes.

But really, in the current climate, people are not going to spend on things just because they might come in handy.

"Buy my product or go to jail," is a much catchier sales pitch. It's depressing but true. And I'm sure all the ERP, EAI, and CRM vendors are scanning the headlines for any sign that their own products might one day come in for similar treatment.

To have your say online click on TalkBack and go to the ZDNet UK forums.