In a world fraught with business risks, technology is often the Achilles' heel of financial services organizations. Since Congress passed the Sarbanes-Oxley Act (SOX) in 2002, the financial services industry has had much at stake. Information technology chiefs in financial services may long for the days when they were "merely" tasked with implementing a new infrastructure or migrating to a new operating system. Those jobs were the norm when it came to lost productivity or even temporary reputation damage.
Then came SOX, and IT risk hit a new threshold. Yet recent reports and discussion among IT thought leaders are encouraging. With an investment of time and talent, it is possible to implement SOX in a way that is more efficient, less costly, and yes--in compliance. In fact, now some are saying proper testing and quality assurance of the underlying IT could pay dividends beyond the compliance process.
Tension and Confusion on the Road to Compliance
Compliance with SOX, also known as the Public Company Accounting Reform and Investor Protection Act of 2002, has created hot tensions among financial services firms that have earned, and must sustain, public trust. While SOX is widely known as legislation aimed at improving corporate accounting and governance reporting standards, technology is playing a central role because software is the key to compliance. If there was any doubt, Congress dictated it:
"The nature and …