IT shouldn't be a compliance beast of burden

Margie Semilof

Third in a series.

High-level directives that set the tone for managing compliance policies may come from corporate accounting or, in the largest companies, from the office of the chief financial officer or chief information officer.

But most of the day-to-day planning and responsibility for the operational success of a compliance program will fall to IT managers and administrators. In typical cases, it adds hours of extra work to the day of IT staff members.

For example, the finance department at Paxson Communications Corp., in West Palm Beach, Fla., is the source of decision making when it comes to the Sarbanes-Oxley Act (SOX) of 2002. Scott Saunders, director of systems technology at Paxson, said he spent more than 50% of his time between May and December writing narratives that describe process controls.

Since policy is really about governing behavior across the whole company, putting the compliance burden on the IT staff is not always helpful, said Scott Crawford, an analyst at Enterprise Management Associates, a Boulder, Colo., consulting firm. "In reality, everyone from the top executives to the help desk employees must play a role in helping to guide process management," he said.

But it is important to make sure there is one department in charge of all compliance. Michael Rasmussen, an analyst at Forrester Research Inc., a Cambridge, Mass., consulting firm, cited an example of an insurance company that had a compliance office that was only concerned with insurance regulation, not IT practices. SOX compliance was handled from the company controller's office.

Rasmussen envisions a corporate security team -- led by either a chief security officer or a chief policy officer -- as the most logical group to develop an organization's compliance policy. However, he said, an operations staff must also be in the loop so it can install technologies that support the requirements of compliance.

