The Sarbanes-Oxley Act, designed to place more controls on corporate accountability in an Enron era, has the potential to be bigger than Y2K in how it affects companies in every industry of every size. Companies may have been able to meet initial Sarbanes-Oxley compliance using well-defined processes and procedures, but compliance with upcoming Sections 404 (certification of financial reporting processes and controls) and 409 (real-time reporting of material events) may not be so easy. AMR Research's recent survey of more than 60 Fortune 1000 public companies shows that CIOs are now ready for major IT investments to help bring their companies to compliance.
The online survey revealed the following:
Fortune 1000 companies have earmarked more than $2.5 billion this year in Sarbanes-Oxley Act investigation and initial compliance-related work
85% of companies predict that Sarbanes-Oxley will require changes in IT and application infrastructure that support the business
79% are unsure what implications the act will have for their company
61% expect business process change will be required
Importantly, many forward-thinking CIOs view Sarbanes-Oxley compliance as the "compelling event" to kick-start specific system and process improvement initiatives long stalled because of other IT spending priorities, thoughts that are reminiscent of the ERP craze Y2K kicked off in the 1990s.