Case study: Cutting regulation down to size
By Steve Ranger
Published: 15 November 2005 10:00 GMT
Putting the right systems in place to deal with all forms of legislation and regulation is the key to dealing with the Sarbanes-Oxley Act, according to investment bank Dresdner Kleinwort Wasserstein (DrKW).
Stephen Ashton, director of global IT business management for DrKW, said complying with the act has been a major activity.
Ashton said: "It's an enormous job. Between 10 and 15 per cent of our back office staff are working on compliance and regulation. It's significant in terms of the burden on general business and on the IT function. And it is ongoing and it's not going to stop."
Guidance on what companies need to do to be compliant is still developing, adding to the work.
SOX has made companies place more emphasis on the reliability, security and accuracy of their systems. Companies need to understand how their back office systems support financial data processing - and show that they have the right IT governance in place.
Ashton said the aim is to automate much of the compliance work: "We need to find a way to embed these processes in our day-to-day business. Because that's the only way we are going to get the impact and the costs down."
DrKW is using Tideway's Foundation product to identify dependencies in its IT systems and create a view of its IT environment.
One of the areas where large organisations struggle is in understanding all the complex systems they operate, Ashton said. The Foundation product helps the bank find out what its IT environment is and what the dependencies are, and to do that in an automated way rather than using spreadsheets.
He said: "It creates a lot of management information for us in an automated and efficient way. We get exception reports that turn into work programmes."
Even though SOX has created lots of work, it is still only one piece of regulation, warns Ashton. "Any global organisation has a framework of regulation and legislation to deal with. SOX is the one that has had all the focus."
For example DrKW is setting aside the same amount for MiFID as it has for SOX.
Ashton added: "What we need to create is an appropriate control environment.
"That's where things like ITIL (IT Infrastructure Library) and Cobit (Control Objectives for Information and related Technology) come in. They set the framework of standards that apply to IT that we should be following to make sure we comply with regulation."
Sytel is well known around the world for its stance against irresponsible dialing practices and we have worked with the FTC in the US, and Ofcom in ...
Agree with key stakeholder critical RM dependencies and ensure these are effectively operated, resources and monitored. Maintain RM activity plans ...
A key output of this task will the creation of a knowledge database based on regulation constraints, technologies, feedback from suppliers, library ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Nick Beecham and Belinda Doshi
No more tax breaks for offshoring?
Financial services firms must prepare now for 2010 legal changes
Tim Ferguson
On a new Voyager, tackling fraud and the intellectual challenge
Interview: Nationwide IT director, Peter Stafford
Nick Heath
David Lister on smart grids and why he left RBS
Interview: National Grid CIO
Andy Jones
Why banks will push ahead with offshoring
Comment: Even if they don't want to
Catherine Stagg-Macey
Legacy IT holding back insurers
Comment: Economic crisis means finance giants must step lively
Julian Goldsmith
The City fund manager with no IT department
Q&A: How asset management is embracing the cloud...