It's said that politics makes for strange bedfellows. New legislation designed to place tighter controls on corporate accountability is doing just that.

IT and finance departments - which historically have not always seen eye-to-eye on technology expenditures - are working closer than ever to review and modernize companies' financial reporting systems to comply with regulations set out in the Sarbanes-Oxley Act of 2002 .

Passed by Congress last July following a season of high-profile accounting scandals, the Sarbanes-Oxley Act requires publicly traded companies to provide more timely, accurate and detailed financial reports.

One of the first provisions of the new legislation to take effect requires CEOs and CFOs to certify under oath the accuracy of their corporations' financial filings. Other provisions relate to changes in Securities and Exchange Commission (SEC) filing schedules. The deadline for filing an annual report is shrinking from 90 days to 75 days this year and 60 days next year, for example. Similarly, the deadline for filing quarterly reports is shrinking from 45 days to 40 days this year and 35 days next year.

As public companies scramble to understand the Sarbanes-Oxley Act, IT departments increasingly are being called into the fray to assess how compliance would affect firms' IT systems.

Mike Gabaly, director of cash forecasting and financial performance management at Lockheed Martin in Bethesda, Md., says Sarbanes-Oxley has raised concern at his company. But Gabaly is confident that plans to consolidate Lockheed Martin's myriad financial planning, accounting and corporate tax systems with a single software package from Longview Solutions will cover most of the legislation's current requirements. "We're pretty well positioned to support all that certification due to the fact that we're consolidating all of our information into one application," he says.

While companies might have met the act's initial requirements with little disruption to existing financial reporting processes, pending provisions have broader IT implications that could require a company to overhaul or upgrade its systems, says ARM Research. The research firm cites sections 404 and 409 of the new legislation as particularly onerous.

Section 404 requires companies to certify their financial reporting processes and the structure of their internal audit control. Companies need to document and attest not only their final numbers, but also the processes by which they arrived at those numbers.

This provision has elevated the issue of internal controls to the CEO and board level, requiring senior management to pay greater attention to issues such as confidentiality, systems integrity, business continuity and disaster recovery, says Al Decker, executive director for security and privacy services at Electronic Data Systems.

"Most people don't get up in the morning thinking about internal controls," Decker says. "What Sarbanes-Oxley has done is taken what may have been relegated to the IT department and elevated it to a significant business issue."

Section 404 is of most concern to customers, agrees Susan Foley Kane, vice president of product marketing for PeopleSoft's financial management group. "Every CFO, every financial organization that we get into our customer-visit center right now, this is what they're struggling with," Kane says.

Under Section 409, companies must disclose material events that affect the business within 48 hours of when they occur. This includes not only financial events, but also operational events, such as if an airline loses its best fuel supplier. Under the act, companies will be required to report the event and its financial consequences.

These rules are more cumbersome than some earlier provisions, observers say. But just how much more cumbersome is debatable. Obscuring the issue is that the SEC is still fleshing out the details of the law. Exactly what defines a material event is still open to interpretation, for example.

AMR suggests Sarbanes-Oxley has the potential to be bigger than Y2K in how it affects companies. The firm predicts the Fortune 1000 will spend more than $2.5 billion in investigation and initial compliance-related work.

However, more conservative industry watchers say many public companies are in good shape to comply with more stringent corporate reporting requirements.