You Thought Sarbanes-Oxley Was Bad? Wait til You See What's Coming
Get Your Waders, You're Going to Need Them
He believes it's likely that the purpose of many of the new regulations will be to push for better corporate auditability. That's because one of the problems that may well have contributed to the financial crisis is that although banks and other financial institutions had large amounts of information about their businesses, they still made bad decisions because they couldn't access the right information when they needed it.
The new regulations will blow away any notion that some of the more stringent Sarbanes-Oxley requirements might be relaxed in the future, so McClean suggests organizations get their houses in order while they have time. Any other preparation is impossible. "The problem for IT departments is that although we know that new regs are coming, we won't know what they are for about 12 months."
John Bace, a research vice president in Gartner's Compliance, Risk and Leadership research group, agrees that the new regulations will have an enormous impact on IT staff workloads. "The last thing we really need is a new wave of regulations, but given the situation in Wall Street at the moment, I believe the shadow the new regulations cast will be longer than Sarbanes-Oxley," he said. However, Bace believes new regulations are inevitable, as they are key to getting confidence back into the financial system. "How was it possible that we did not know about the potential collapse of a major bank until it collapsed?" he asked. "The regulatory oversight model which we have been using was formulated in the 1930s, and it is really no longer applicable."
There are three likely strands to the new regulations when they do arrive:
- A strong push for greater transparency in corporate governance
- A more standardized global set of accounting practices
- A push toward XBRL (eXtensible Business Reporting Language.)
In the medium term Bace said XBRL will provide a way for companies to publish real-time information on their business activities, and it's also something that could have a huge impact on IT department activities.