It's a good thing that the Sarbanes-Oxley Section 404 deadline has been extended, as many on Wall Street weren't quite ready for the June 15 mandate. The new Nov. 15 go-date offers financial institutions another six months to implement the right technology to comply. Section 404 requires affected firms to document and assess their institution's internal controls over financial reporting so CEOs and CFOs can vouch that these statements are correct.
A recent TowerGroup report, written by Analyst Virginia Garcia, offers financial-services firms suggestions for creating an efficient IT strategy to achieve compliance. Garcia notes in her report that the industry has given "an enormous amount of attention to the Sarbanes-Oxley Act, but relatively little heed has been paid to the role of technology in meeting compliance requirements." She says, "IT investments related to SOX should be viewed through the lens of lightening this administrative load while providing tangible opportunities to do business more efficiently and offer customers better service."
Her main contention is that financial-services institutions (FSIs) should not deal with various sections of SOX individually. TowerGroup believes FSIs should include the IT considerations for section 409 - which mandates a real-time reporting structure - in current section 404 planning to "avoid wasteful investments that do not accommodate the purposes of both sections."
Garcia's other suggestion is to make sure firms focus on long-term opportunities and "view SOX as a catalyst for much-needed and long-delayed business transformation objectives."