Legacy data poses risks

Computing reports on events at software firm CA's annual user conference in Las Vegas

Poor data integration projects could be putting companies at risk of prosecution from regulators, says CA’s chief compliance officer, Patrick Gnazzo.

Speaking during a compliance roundtable at CA World last week, Gnazzo said organisations must improve how they manage IT integration projects and ensure that legacy systems are not feeding inaccurate information into reporting tools or exposing customer data.

‘Most big firms have between 200 and 400 legacy systems that have data,’ said Gnazzo. ‘But now this information is being poured into SAP and other systems.’
Companies should audit systems before integration and make sure key data is accurate.

‘If you have a bunch of legacy systems that don’t have the right information in them and it is poured into an enterprise resource planning system then there is a risk that you could be in danger of regulatory prosecution, both from a financial and data privacy point of view.’

Deloitte and Touche partner, Jim Burns says chief information and technology officers are well positioned to steer business compliance projects, such as Sarbanes-Oxley.

Their knowledge of different parts of the business could help them gain the role of chief risk officer and take a position on the board, he said.