Like time-crunched students preparing for a final exam, most insurers approached the first Sarbanes-Oxley compliance audit more intent on making the grade than developing a good understanding of the subject. "In year one, companies really were focused on passing the audit–finding control deficiencies and putting in place new controls, even if they were manual or workarounds," says Sean Kracklauer, who leads the Sarbanes-Oxley research and consulting practice at the Hackett Group, a business process advisory firm and benchmarking group.

It didn't help that some IT departments often were faced with cramming for the exam, once they realized, already into year one, that even though Sarbanes-Oxley was advertised as a law focused on financial controls, it wasn't a finance-only issue. "There are some systems that don't meet the threshold in terms of the overall impact [on financial reports], but there's very little in IT that does not need to be part of the [Sarbanes-Oxley compliance] process," notes John Van Decker, senior vice president and principal research fellow at research firm Robert Frances Group. "IT also represents a significant investment and expenditure for the enterprise, so those IT expenditures also needed to be considered and scrutinized."

However, with the stress of the first exam behind them, companies–unlike college students–are going back to the books. "The second phase [of Sarbanes-Oxley compliance] is to achieve sustainability, and the third phase is using compliance as a lever for change and overall business improvement," says Van Decker. "Companies need to understand how what they've done [for first-year Sarbanes-Oxley compliance] fits into an overall objective. They need to understand what their strategy for IT governance, enterprise governance, and support for compliance will be."

Recommended For You

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.