No one disputes that companies need IT tools to comply with Sarbanes-Oxley and monitor internal controls—but in some cases, the tools themselves are what stand in the way of SOX compliance.
In a Compliance Week analysis of 400 companies disclosing material weaknesses in internal control over financial reporting, 52 pointed to their IT systems as a point of weakness. Disclosures ranged from problems with security and segregation of duties to documentation of steps and procedures and the manual transfer of information among programs or applications, in addition to other woes.
