2006: The Year IT Spending on SOX Compliance Kicks In
Compliance and corporate governance systems will account for 10 to 15 percent of businesses’ total information technology (IT) budgets in 2006, up from less than 5 percent in 2004, according to the Stamford, Conn.-based company.
“Projects that were not aligned with compliance and corporate governance were delayed or cancelled and SOX efforts inhibited the purchase of large amounts of software related to building new technologies and deploying new projects,” said French Caldwell, research vice president for Gartner. “However, by the second half of 2005, increased interest in IT solutions to ease the burden of compliance has begun to drive new spending.”
While many businesses’ initial SOX efforts and spending have focused on consulting, audits, process management and workflow, documentation and planning, the new focus will be on software that supports those projects with capabilities that include such things as business process management, corporate performance management, information access and decision support, security, storage and document management.
Sotware is not required by SOX audits, but the systems “significantly reduce the compliance burden” Gartner analysts say in summarizing the company’s report, “Sarbanes-Oxley Spending Continues to Disrupt Software Purchases.” The report can be accessed at Gartner’s web site. 
The challenge for corporations and perhaps the opportunity for CPAs and other consultants advising them, will be to design and implement systems that integrate with the company’s established technologies and business processes, according to Tom Eid, a research vice president at Gartner.
“IT organizations need to implement controls for compliance management without increasing architectural complexity. This requires that IT organizations work hand-in-glove with finance, legal and business operations to manage operational risk,” said Eid. Once implemented, the systems can potentially “build long-lasting value” for the company or “face the threat of becoming a scapegoat for operational and legal deficiency,” he added.
He further advises companies and their technology consultants to look for systems that support multiple aspects of compliance and several business units, as opposed to “one-off” solutions designed for only one aspect of SOX, or for one operating unit. “Sustainable compliance, that is, a level of support that is sufficient but not excessive, will only be achieved through a programmatic rather than project oriented approach,” Eid said.
Those one-off solutions could end up costing as much as ten times more than one combined over-arching system. Gartner estimates. The company’s finings are based on its survey in October and November of 326 audit, finance and IT professionals from corporations in North America and Western Europe.