A new study suggests that despite enormous attention to the Sarbanes-Oxley Act itself, relatively little consideration has been paid to the role of technology in helping financial institutions meet compliance requirements-or to the long-term opportunities offered by the Act.
New research from TowerGroup suggests that financial institutions should view the act as a catalyst for long-delayed business transformation.
"Sarbanes-Oxley does not specifically mandate investments in technology to meet its rigorous financial reporting requirements," said TowerGroup. "Yet in most financial institutions, financial reporting is inextricably linked to information technology systems-meaning that stringent Sarbanes-Oxley financial reporting rules cannot be viewed independently from IT. Traditional financial statements summarize and reflect transactions in the aggregate, while Sarbanes-Oxley requires a means of linking financial statements with the specific transactions that make up the results."
The Danger
"There's a danger of Sarbanes-Oxley being over-hyped for all the wrong reasons," said Virginia Garcia, senior analyst in the Financial Services Strategies & IT Investments practice at TowerGroup and author of the research. "There will be a tendency for financial institutions to focus on immediate-term IT solutions to meet compliance deadlines. However, firms should instead focus on the enormous long-term opportunities offered by these mandates, and view Sarbanes-Oxley as a catalyst for much-needed and long-delayed business transformation."
Among the findings of Garcia's research:
* Contrary to other industries, much of what Sarbanes-Oxley requires in terms of internal controls over financial reporting is not necessarily new to financial services institutions. It is simply not documented, or is spread across a wide variety of IT systems and business units. The opportunity to leverage existing IT investments across diverse disciplines underscores the holistic value of Sarbanes-Oxley compliance: better utilization of IT assets.
* Many of the technologies enabling Sarbanes-Oxley may already be in place in most financial institutions, though utilized for noncompliance purposes like customer insight or operational efficiency (e.g., data repositories conceived for marketing purposes during the heyday of customer relationship management projects). Investments made and since questioned may get new wind in their sails, as the value of data analytics for enterprise risk management and financial reporting purposes becomes evident. Data integration will assist financial institutions in fulfilling their Sarbanes-Oxley obligations by linking data from disparate systems in quasi-real time.
* TowerGroup believes Sarbanes-Oxley may jumpstart delayed investments in enterprise general ledgers, single-instance enterprise resource planning (ERP) systems, legacy system replacement, sophisticated data mining technologies, information security, storage optimization and data integration solutions. Enterprise content management solutions will also prove useful as they combine necessary business process management capabilities with imaging and document management functionality.
What Lies Ahead
* TowerGroup further believes that after an initial tactical IT investment in Sarbanes-Oxley compliance, IT costs related to the Act will continue to increase over a period of four to five years by between 5% to 10%. These IT investments will be strategic in nature, with Sarbanes-Oxley fueling business improvement and overall IT upgrade projects. As a result, IT spending growth for the Act will not be measured separately, but rather will be integrated tightly into overall IT budgets.
* The percentage of total IT costs that institutions direct toward Sarbanes-Oxley will range considerably: from 5% to 10% for financial institutions taking a more tactical approach to compliance versus 20% to 30% for institutions taking a broader strategic approach. The tactical approach will result in only 30% of related IT costs going to third-party providers, while nearly 50% of Act-related IT costs will be externally focused if an institution decides to combine compliance with overarching strategic goals. TowerGroup believes this is an important trend to watch over the next 12 months, as it could shift the overall dynamics of US financial industry IT spending.
