Sarbanes-Oxley: CIO

1
Sarbanes-Oxley CIO Best Practices

• Stuart Robbins
• Founder and Executive Director
• The CIO Collective
• http//www.cio-collective.com

2
Sarbanes-Oxley The CIO

• Overview
• Trust
• Governance
• Quick Wins
• IT Best Practices
• Dos and Donts
• Some additional information

3
Issue 1 Repairing the Breach of Trust

• Regulation occurs in response to a breach of
  trust. To repair
• Ensure quality of communication.
• Ensure quality of data.
• Manage the user relationship.
• Quality Assurance for Systems and Data
• Testing, Reliability, Integrity
• Trust is the basis of Knowledge Management
• Survey your employees, survey your customers

4
Issue 2 Governance and Technology

• Directors are a new category of user
• Authentication, collaboration, escalation tools
• New vendors emerging, such as BoardVantage
• IT Governance should mirror Corporate Governance
• eGovernment principles suggest good strategies
• Enabling communities via the Net
• Automating manual processes
• Portal tactics Global vs. Personal

5
Issue 3 5 Things You Can Do This Quarter

• Anonymous Email for Whistleblower compliance
• IT Expert for Finance Organization
• Cross-functional Teams for Process Improvements
• Business Intelligence Portal w/special accounts
• Escalation Excellence The Template

6
Issue 4 IT Best Practices are Fundamental

• Change Management
• Documentation must be updated all changes
• Change Control Board
• 24/7 Operational Excellence
• Data Governance
• Executive Sanction and Involvement
• Ongoing Assessment and Analysis
• Owners, Drivers, and Enablers

7
Issue 5 The Dos and the Donts

• Do Not
• Do nothing.
• Avoid the truth about your systems.
• Do
• Get involved.
• Become the expert.
• Partner with Finance and Legal.
• Teach your employees that everyone is
  responsible.

8
To Learn More
The Legislation www.e-businessethics.com/H3763CR_H
SE.pdf  InfoWorld Summary www.infoworld.com/articl
e/03/ 07/11/27FEsarboxguide_1.html www.infoworld.c
om/article/03/07/11/27FEsarbox_1.html  The US
Securities and Exchange Commission
FAQs www.sec.gov/divisions/corpfin/faqs/soxact2002
.htm  AICPA Sarbanes-Oxley Implementation
Central www.aicpa.org/sarbanes/index.asphttp//www
.aicpa.org/pubs/cpaltr/Oct2002/add.htm  PwC
CFODirect clearinghouse www.cfodirect.com/  ARMA
Association for Information Management www.arma.or
g/legislative/sarbanes_oxley.cfm Ventana Research
on Sarbanes-Oxley www.ventanaresearch.com/researc
h/article.php?id516 
9
To Learn More (cont.)
SIM/Baker and Mackenzie on Record Retention
practices http//www.simnet.org/Content/Navigatio
nMenu/Chapter-Wisconsin/Meetings4/archives/Smedg-C
orpResp.ppt  Grant Thornton Resource Center for
Sarbanes-Oxley http//www.grantthornton.com/conten
t/76480.asp  Gartner Weblog on Sarbanes-Oxley http
//sox.weblog.gartner.com/weblog/index.php?blogid
11  Forbes.com One year later, a review of
Sarbanes-Oxley http//www.forbes.com/execpicks/200
3/07/22/cz_af_0722sarbanes.html  CIO.com http//ww
w.cio.com/archive/051503/rules.html  Computerworld
Special Coverage http//www.computerworld.com/new
s/special/pages/0,10911,2025,00.html  Whistleblowe
r Issues http//nilesh.org/weblog/etc/Whistleblowe
rProvisions2002.pdf
10
To Learn More (cont)
  Seminars/Vendors www.bearingpoint.com/Events/sep
arate_events/sarbanes.html www.plumtree.com/reg/ws
/so/ www.hyperion.com/solutions/global_compliance/
sarbanes_oxley.cfm www.documentum.com/events/07_31
_03_eseminar_aiim_doculabs.htm www.cognos.com/prod
ucts/finance/so_act.html www.digitalthink.com/dtfs
/e-learning/compliance.html www.boardvantage.com