Nearly Half May Not Make Second Sarbanes-Oxley DeadlineBy John Hazard | Posted 2005-09-27 Email Print
Updated: Forty-five percent of IT executives responding to an August poll said their companies are unlikely to meet the message retention requirements of Sarbanes-Oxley by the July 2006 deadline.Nearly half of all companies affected by the second round of Sarbanes-Oxley deadlines do not expect to meet the July 2006 target, according to a poll of IT executives facing the deadline.
Forty-five percent of U.S. IT executives responding to the survey by instant messaging security vendor Akonix Systems Inc. said their companies were unprepared to meet the message retention requirements in the federal regulations governing corporate information.
Twenty-nine percent of the 157 respondents to the August poll said they felt they would be able to meet the deadline for archiving messages, while a further 26 percent said they did not know.
"Nationwide you might be talking about 10,000 companies that are legally required to meet this deadline," Montgomery said. "Beyond that, you're talking about another 190,000 [businesses] or so, who might not be publicly traded, but need to think about at least some aspects of SarbOx because of the industries they're in or the businesses they work with."
Additionally, federal regulations such as HIPAA and the Patriot Act require message storage and retrieval functions, he said.
Respondents cited cost as the biggest hurdle on the road to compliance, Akonix said in a release.
U.S. businesses will spend an estimated $5.8 billion in 2005 to upgrade technology and expand storage capacity to adhere to Sarbanes-Oxley, according to AMR Research.
Even with the deadline looming, the pace of compliance is unlikely to pick up, Montgomery said.
"What you're likely to see is a gradual climb in spending as companies comply to what they must, when they must," he said.
"This isn't Y2K. The deadline has been a moving target; not so hard and fast and as specific an IT challenge as Y2K. There is some room for interpretation about certain aspects, like producing communications in a timely fashion."
Sarbanes-Oxley regulations, passed in the wake of corporate scandals and fraudulent accounting practices, require publicly traded companies to undergo an annual evaluation of internal controls and procedures for financial reporting.
Sarbanes-Oxley regulations, passed in the wake of corporate scandals and fraudulent accounting practices, require publicly traded companies to establish internal controls and procedures for reporting and responding to financial data.
Any messages and records, including e-mail and IM, that may affect financial decisions or public disclosures must be available for review by the company's key decision makers. The law dictates those records and messages by logged, archived and available for review. Annual audits will be conducted to determine compliance.
Failing to meet the corporate accountability deadline can mean fines for the business and jail time for corporate executives and officers.
Editor's Note: This story was updated to clarify the types of e-mail and IM data that might be affected under Sarbanes-Oxley, and what deadline extensions are currently in place.