On 26 May 2005, the U.S. General Accounting Office (GAO) announced the results of an audit showing that the SEC "did not maintain effective internal control over financial reporting." The GAO audit, which is available online at www.gao.gov/new.items/d05244.pdf , found "material weaknesses" in the SEC's internal controls, including general IT controls. The GAO announcement closely follows the release of an SEC staff report on the implications of the Sarbanes-Oxley Act ( www.sec.gov/info/accountants/stafficreporting.htm ), which sets standards for financial reporting.
Only 0.3 percent of U.S.-based companies currently report material weaknesses in IT controls through Sarbanes-Oxley, so the fact that the SEC — the body responsible for regulating the U.S. securities industry — has difficulties in this area is highly significant for government CIOs. The recent SEC staff report on Sarbanes-Oxley contains specific information and recommendations on IT controls, including an acknowledgment that COBIT (Control Objectives for Information and Related Technology) is an appropriate standard for IT controls.
Many industry observers will find the temptation to cast stones at the regulators irresistible. But it is important to remember that under the Tax Accountability Act of 2002, only independent federal agencies such as the SEC are required to undergo an independent audit of internal controls. Most federal government organizations fall under Office of Management and Budget (OMB) Circular No. A-123, "Internal Control Systems," which implements the Chief Financial Officers Act and calls for "self-assessment" of internal controls. The SEC audit will raise congressional awareness of weaknesses in the Chief Financial Officers Act.
Recommendations for U.S. government CIOs and chief financial officers: Prepare for more intense scrutiny of internal controls from congressional oversight committees, the GAO and the OMB.
Analytical Sources: French Caldwell, Gartner Research
Recommended Reading and Related Research
(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)
|Resource Id: 481339|