Many businesses have less than 75 days to ensure their IT systems are compliant with US Sarbanes-Oxley legislation.

Any public company with more than $75m in market capitalisation that closes its 2004 fiscal year on or after 15 November must meet the needs of Section 404 of the 2002 US accounting regulation within 75 days of their year-end date.

Some 300 companies have already warned the US Securities and Exchange Commission (SEC) that they face non-compliance with the deadline for Section 404 due to weaknesses in their internal controls.

Section 404 mandates a company's auditor to identify 'any material internal control weakness' or 'significant deficiency', in verifying that management has sufficient operational command to produce reliable and compliant financial reports.

'Now we have all these other obligations including internal reporting, which is causing companies all this grief, because internal control reporting for US companies starts now,' said Rick Mitchell, partner at law firm, McDermott, Will & Emery.

Smaller and foreign companies with US listings have to comply when they file their 2005 annual reports.

UK-based subsidiaries of US corporations are also expected to ratify the integrity of financial data and reporting shared with their US parent.

'IT can help in a few areas,' said Cubillas Ding, senior financial technology analyst at Datamonitor.

'To ensure that any associated processes are correct and transparent. Secondly, that irregularities or errors will be minimised. The third point is to enforce accountability via proper systems or process controls, documenting activity trails and storing appropriate records.

'And lastly, data management and governance activities within IT departments, which some of these business functions are built upon, need to, themselves, be strengthened and shown to adhere to the appropriate standards.'

Analysts expect companies to restructure their financial and IT-related controls during the first two audit cycles to make the compliance process more efficient.