Originating Author: Omengle
When using Microsoft Excel, if a formula refers back to its own cell, Excel will warn you that you've got a problem, called a 'circular reference.' The name implies that your calculations are running around in 'circles,' which sometimes is okay, but usually it's not. You can either correct the problem, ignore it, or specifically allow the circular reference to occur with a clear understanding of the implications for your model. Correcting the problem is sometimes extremely time-consuming and often not worth it. Ignoring the problem is almost a certain recipe for more work down the road. Understanding the implications of the problem and the exposures to your work is probably a good starting point.
It's kind of the same way with Sarbanes-Oxley storage compliance. You take this on to mitigate risks, but by doing so, you introduce a whole new level of complexity to your storage infrastructure. Here are some of the risks to implementing a successful SOX storage initiative.
A major risk to the success of a Sarbanes-Oxley storage compliance initiative is the loss of archived records through theft of or physical damage to storage media. Each type of storage media has a vulnerability that may cause data loss: optical discs are sensitive to sunlight, hard drives can be damaged by electrical shock, mobile storage devices can be lost or stolen and tapes can be damaged by magnetic fields and also stolen, especially if not encrypted. This risk can be minimized by taking proper care of storage media, by implementing redundant archiving, using adequate data recovery protocols and implementing encryption (which brings a whole new set of complexities).
In addition, the storage requirements of Sarbanes-Oxley are not explicitly spelled out, which means you're attempting to minimize exposure without fully knowing if you're doing it correctly. What type of data must be stored, and for how long, is open to interpretation. Until the regulation is more clearly defined, choosing not to save any document, record or correspondence may potentially put the company at risk for noncompliance.
Archiving systems can address long-term storage requirements, but a data archiving system may degrade system performance and be unable to scale to meet changing business needs. In addition, new procedures, systems or interfaces may meet end-user resistance, not to mention that the infrastructure storing the information will be retired several times over before the information it's housing is.
By considering these risks prior to initiating a SOX storage compliance strategy, you can understand where you're willing to take risks to reduce risks and where it just may not make business sense. One thing's for sure, turning a blind eye to these risks will probably come back to haunt you.