Back to Programs

Using ISO 9001 and Information Technology to Help Manage the Sarbanes-Oxley Risks
John Walz, Senior Consultant
The Sutton Group
1083 W. Jefferson Ave, Naperville, IL 60540
johnwalz@ameritech.net

The U.S. Sarbanes-Oxley Act of 2002 requires the Chief Executive Officers (CEOs) and Chief Financial Officers CFOs) to certify the effectiveness of their company’s internal controls or risk civil and criminal penalties for signing off on ineffective controls.

Recent estimates show Sarbanes-Oxley (SOX) spending in 2006 will top $6 billion. Of that amount, thirty-two percent or $1.9 billion will be spent on Information Technology (IT). Traditionally companies have focused on the human side of adhering to the SOX, although this focus has very proved costly to maintain. Companies are discovering more and more that the benefit of deploying technology to manage the SOX requirements brings long-term, proven results.

However financial reporting controls can not be separated from business rules and operational controls — particularly in the quality and environmental areas.

Effective internal financial controls and quality and environmental management system (QMS/EMS) initiatives can work closely to manage the risks of finance/ accounting, quality, and environmental. When enterprise-wide IT solutions are integrated with the management system, the SOX costs become sustainable and Corporate Governance receives a clear and accurate view of business risks.

In 2003 four quality management and auditing professionals formed the SOX-Q/E Team to identify how QMS and EMS can be used to help reduce risk related to SOX. One of their findings are senior management needs to obtain better information about the effectiveness of its organizations. An effective QMS/EMS with IT automation can help top management maintain effective corporate governance and satisfy the SOX requirements. Paper includes ISO 10014 Clause 5.5 System approach to management and Clause 5.7 Factual approach to decision making.

Presenter:

John Walz had over 20 years experience in quality at AT&T, Lucent Technologies, and SBC (AT&T). He is a subject matter expert in ISO 9000,TL 9000, BS 7799, IEEE, and CMMI standards and is author of the books TL 9000 Quality Management Standard for Telecommunications chapter in ISO 9000 Handbook, Fourth Edition, QSU Publishing Company 2002; Practical CMMI Software Process Documentation- Using IEEE Software Engineering Standards,John-Wiley/IEEE Press,Nov-05; and upcoming book Practical ISO 9001 Software Process Documentation- Using IEEE Software Engineering Standards,John-Wiley/IEEE Press,Sep-06.

John is a member of US TAG to ISO Technical Committee 176 and the ANSI Z-1 Committee on Quality Assurance. He heads a new Z-1 project on CMMI / ISO 9001. He currently is a quality management system consultant with The Sutton Group and an instructor for ASQ. He was a member of the telecom consortium, QuEST Forum, from its 1998 inception to 2001, with leadership positions on the TL 9000 Requirements and Measurements Work Groups.

Mr. Walz has presented seminars on the Sarbanes-Oxley Law, ISO 9000, TL 9000, CMMI Software Engineering at ASQ, QuEST Forum, and IEEE Conferences including several international locations in Europe, Asia, and South America.

Mr. Walz has an MS Electrical Engineering degree from Ohio State Univ. His is a ASQ Senior member, and edits the ASQ SOX blog and monitors the ASQ SOX discussion group and web site.

Back to Programs