Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk Management

01:38 PM
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

The SOX Technology Burden

By Brian Mitchell, JPMorgan Why has SOX become such technology burden? In year one, SOX was a burden for all. The business had to define all of the key controls associated with financial reporting and it had to identify the key systems on which the business depends to support these controls. Meanwhile, the technology group applied a typical general computing controls assessment to those

By Brian Mitchell, JPMorgan

Why has SOX become such technology burden?

In year one, SOX was a burden for all. The business had to define all of the key controls associated with financial reporting and it had to identify the key systems on which the business depends to support these controls. Meanwhile, the technology group applied a typical general computing controls assessment to those systems. In subsequent years, the situation has not improved for IT controls.In year two, businesses gathered feedback and streamlined the financial controls, which reduced the SOX burden. However, the number of technology systems that needed to be assessed remained roughly the same -- even though technology teams attempted a similar controls streamlining exercise to that of the business.

In year three, again, a similar streamlining exercise occurred with both the business and technology attempting to rationalize their respective controls. But the scope of the technology controls does not appear to have reduced in line with the business controls. In fact, technology scope appears to be growing because the typical general computing controls -- which are designed to prove the integrity of production processing environments -- continue to expand to include some security-related areas, as a awareness grows of additional risks that impact technology (for example: Patch & virus management).

Now, with security monitoring included in assessments, the function of general computing controls has expanded beyond the "traditional" technology controls of systems development lifecycle, change management and access administration.

In order to rein in the expanding world of "general computing controls," we have to get back to reality and ensure that SOX remains true to its original purpose: Financial Control. Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio

Register for Wall Street & Technology Newsletters
Video
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.