Depending on your point of view, the Sarbanes-Oxley (SOX) Act takes a giant step toward greater accountability in corporate America, or it is one more example of regulatory intrusiveness. Either way, since SOX is a private sector concern, managers in state and local governments may have dodged a regulatory bullet. For now, no federal SOX-like mandates directly affect them.
That may soon change. The new edition of the Office of Management and Budget’s Circular No. A-123 presses federal agencies to get their financial houses in order, and many observers expect that similar rules will trickle down to state and local jurisdictions. As a result, a “wait-and-see” approach is being replaced with a “now’s-the-time” attitude at some proactive governments like the Village of Bolingbrook, Ill.
Greg Dover, IT director of the municipality, is preparing for what he believes is the regulatory future by installing a new enterprise resource planning system with accounting software, e-mail and storage server technology. (See “Crunching the Numbers ” on page 43.)
Even without new federal legislation, state and local governments have not escaped the movement toward tighter accountability in the public sector. A number of regulations have been written at the state level for managing and archiving records of all types, whether they’re financial documents or e-mail communications. Many states, including Iowa and Wisconsin, have already instituted data-retention rules for archiving public records and strategies for transitioning from paper to electronic files.
What does all this mean for government IT managers? First, technology specialists need to work in concert with business managers to update financial processes in order to assure that data and procedures are consistent across the organization. Governments also need to evaluate how they’re capturing and retaining information, and whether they can quickly retrieve needed files if, for example, a legal question arises.
This evaluation should begin at a 10,000-foot level and methodically drill down to individual technology components to make sure that adequate storage systems—including backup and retrieval technology—are in place. Along with honing the technology, IT is often in the best position to lead cross-departmental efforts to develop policies and procedures for storing and disposing of files and e-mail communications.
The task of managing electronic records and e-mails may be facilitated with the newest information life cycle management programs, especially if developers tailor them for the public sector. The programs send files to the most efficient and cost-effective storage systems, based on how important the files are and how frequently the organization accesses the information in them.
Again, this isn’t a job for one person or one department. Rather, it’s something that requires collaboration from IT, the business staff, legal representatives and administrators.
Finally, state and local governments should use this opportunity to reassess their present processes. Don’t just transfer existing archiving policies born in a paper-based world into new electronic procedures. Look for ways to eliminate redundancies, plug gaps and optimize how critical information is managed.
The catalyst for change brought on by SOX’s influence can be good for government. But the likelihood of positive change, rather than legal headaches, increases when state and local governments act voluntarily—not when they’re up against a regulatory deadline.