03/22/2004

Bamboo Consulting, an independent research firm, in partnership with Klariti.com, today announced the results of a new survey of CFOs, CIO’s and business executives about their IT strategies to comply with the Sarbanes-Oxley Act of 2002.

Ivan Walsh, the author of the “IT Solutions for Sarbanes-Oxley Act” report, commented: "Though most executives see compliance in terms of financial reporting, to satisfy the broad scope of SOX requirements they must also implement processes and procedures in other areas, such as e-mail management, data retention, and also control unauthorized access, trapdoors and security holes in their network infrastructure."

The following results highlight the key points identified in relation to providing IT solutions for the Sarbanes-Oxley Act:

• Only 33 percent of respondents believe that companies will be able to leverage Sarbanes-Oxley compliance to enhance their market capital, brand equity and liquidity, and that over time SOX may be viewed in the same light as ISO certification.



• Over 57 percent believe that their IT Department’s risk assessment process has been integrated adequately with the company’s overall risk assessment process for financial reporting.



• Almost 68 percent of respondent encourage publicly-traded companies to look beyond 'merely complying' with Sarbanes-Oxley. Several IT vendors suggested that companies could take advantage of this opportunity to rollout document and records management software and define procedures to improve business efficiency, rather than only attempting to reduce the risk of non-compliance.



• Over 73 percent of publicly-traded companies have struggled to determine the appropriate tool for capturing employee feedback. Employees have identified confidentiality and anonymity for ‘whistleblowing’ activities as their main concerns.

"Many respondents identified potential duplication of efforts, (and the associated cumulative costs) of maintaining their ISO certification while also implementing and adhering to SOX requirements," added Mr. Walsh. “In addition, companies using indirect sales channels, or selling through distributors and resellers, need to ensure that these areas also comply with the SOX guidelines.”

According to the “IT Solutions for Sarbanes-Oxley Act” survey, 55 percent of software vendors believe that SOX offers opportunities to cross-sell other technologies such as Business Process Management systems.

Other respondents cautioned that non-US corporations should consider examining their existing operations in advance of the suggestions for SOX-like compliance guidelines for the European and Asian trading communities.