Sarbanes-Oxley 'good for IT'

Complying with regulations such as Sarbanes-Oxley may have diverted money away from revenue-generating IT projects but it has forced business to get their technical houses in order, according to a senior IT manager at investment bank Dresdner Kleinwort Wasserstein.

Speaking on Thursday at the financial technology show FinExpo, Stephen Ashton, director of Global IT business management at the bank said Sarbanes-Oxley was a knee-jerk reaction to corporate scandal that was costing companies "a fortune" to comply with.

"Around ten to fifteen percent of our total headcount is working on compliance and regulation and that is quite a big cost," he explained.

He also warned that although European companies may consider Sarbanes-Oxley as a US-only issue, a similar scandal on this side of the Atlantic would undoubtedly see regulators in Brussels follow the American lead.

Sarbanes-Oxley was signed off in 2002 and is designed to prevent financial malpractice and accounting scandals such as the Enron debacle. Overall spending on complying with the Sarbanes-Oxley Act was estimated to be around $5.5bn last year, according to a recent survey by AMR Research.

However, despite the costs involved, Aston said that overall compliance was good for IT departments as it forced companies to re-organise disparate systems that in many firms had grown into random silos that did not communicate effectively.

"I think it is a great thing not just for IT but for business generally. From an IT perspective I think it’s a doubly great thing, obviously it helps us straighten things out but it is also helping us generate new value," he said.

From a systems management perspective, Ashton said, complying with Sarbanes-Oxley has forced the company to catalogue its existing IT systems and investigate exactly how those systems are being used currently.

He described how in many companies IT systems are akin to a "monster" that has no respect for time and space. Complying with regulations means taming this monster in order for companies to be able to provide the kind of transparency required by the legislation.

"We have just completed a data centre review. The thing that came out of it was that we have tonnes of information but very little knowledge. There is a lot of partial and inaccurate data in our systems," said Ashton.

The bank is working with business-intelligence provider Tideway Systems which has an application that allows a company to build an accurate map of all the disparate elements that make up its IT infrastructure.

"You need to be in a position to be able to map all of the components in infrastructure – starting with network layer and moving up into applications including financial reporting apps that Sarbanes-Oxley is so concentrated on," said Richard Muirhead, founder and chief executive of Tideway.

Muirhead said this kind of analysis is "not easy stuff to achieve and is nigh on impossible manually," which is where Tideway's tools come into play by automating the procedure as much as possible.