IT chiefs must plan for audit law

Experts are warning IT managers that proposed UK auditing legislation, along with new US accounting rules, will put extra demands on their departments as firms struggle to comply.

The Companies Bill, proposed to protect the UK against accounting scandals like those that have rocked the US and Europe in recent years, will have its second reading in Parliament on 7 September.

The bill proposes new rules to ensure the integrity of financial reporting and the independence of auditors, and could have a huge impact on IT departments, according to analyst firm Butler Group.

It warned that if the bill becomes law, many firms will only be able to meet the requirements by investing in better IT systems. These would include business process management systems, to ensure tasks are transparently assigned to appropriate people; email management systems, to make sure message content is managed at a corporate level; and policy management technology, especially governing data storage.

Disaster recovery, identity and access management, and records management were also cited as important areas for IT departments to consider when addressing their company's compliance requirements.

Tim Jennings, research director at Butler Group, said the foundations of compliance would be good systems for business processes and data integrity. "Under the rules, firms require one version of the truth and you need to prove that employees are working with the same set of numbers across departments and IT apps," he said.

But Jennings advised firms not to rush out to buy reporting systems or business process management tools. "Buying the technology and then working out how to use it is the wrong way. It's better to carry out a business process review and invest based on the outcome," he said.

Although the bill is only due for its second reading and could be amended, Jennings said the need to reassure investors meant a law along these lines is inevitable.

Firms could face further compliance headaches following the introduction of a new element of the US Sarbanes-Oxley (Sox) Act last month, requiring firms that are listed in the US to abide by specific disclosure and reporting rules.

According to analyst firm Gartner, companies tend to focus their IT compliance efforts on section 404 of the act, which covers internal controls. However, the recently introduced section 409 imposes additional reporting requirements and sets timeframes for disclosure, putting additional pressures on technology systems.

For the latest news for IT professionals, visit ITWeek.co.uk