CIO
SOX It to Them
Peter Hind  05 June, 2006 09:00:00

I've come up with a solution for solving world poverty: Every time a representative of an IT vendor uses Sarbanes-Oxley or SOX in relation to their product you make a $1 donation to Oxfam. Better yet, you could set up a SOX-free compliance unit in your office and then fine the vendors when they make irrelevant breaches. Given that most of the IT products or services currently available purport to help with SOX compliance, Oxfam coffers would soon be overflowing.

My gripe isn't with SOX per se, or the need for regulation, but I do object strongly to the way "compliance" is abused by salespeople. Why do they insist on wrapping foreign laws - which for all but the biggest Australian companies have no relevance - around their "offerings"? What relevance has SOX got for the Victorian government, or for that matter 95 percent of Australian businesses?

Compliance is hardly a recent phenomenon. Australia has long had jurisdictional recordkeeping requirements. Organizations have always had to retain corporate records for at least seven years. In fact, Brisbane-based Watchdog Compliance advises that there are currently a staggering 1000-plus pieces of compliance legislation in Australia, most of which significantly pre-date SOX.

Undaunted, it seems that a number of bright sparks in the marketing departments of many of the IT vendors have come to the enlightened observation that perhaps recordkeeping and IT systems could be one and the same. Jumping on the Sarbanes-Oxley bandwagon is the path to riches for their company. The problem with this is that it only reinforces IT's (or in this case, IT vendors') reputation for overpromising. SOX follows hot on the heels of office automation, open systems, client/server, Y2K and services-oriented architecture. Unfortunately, when the promise fails to materialize, usually after some significant corporate investment, the reputation of the IT industry, and those working in it, suffers in the eyes of the executive.

A good friend of mine has devised a short test that you can give any ICT vendor sales- or marketing-type who claims to address SOX with their product. My friend advises you ask these three key questions:

1. Can you tell me which clauses of the Sarbanes-Oxley legislation will affect us?

2. Has your software actually been changed to assist with SOX compliance in any way and, if so, how?

3. Has your company actually changed the integrity of data collection as a result of SOX?

I suspect that in 95 percent of cases you will get a "no" to all of the above. If so, you may wish to remind the salesperson about the Trade Practices Act, which has penalties of $500,000 personally, and $2 million corporately for misleading and deceptive practices. (And it's Australian, not US, legislation.) Regulators like ASIC, ACCC, and APRA enforce and require organizations to provide expensive corrective action if breaches occur. However, these regulators seldom ask that an organization fix their computer systems. Instead they target the organizational culture and business environment.

And surely that is where CIOs should focus their energies in compliance activities. How are the appropriate compliance policies formulated? How are they communicated? How are they enforced? Where can IT assist with this work?

One thing is certain. In the current corporate climate, with the stock market at record highs, CIOs will not be short of compliance work to do.

Peter Hind is a freelance consultant and commentator with nearly 25 years' experience in the IT industry. He is co-author of The IT Manager's Survival Guide and ran the InTEP IS executive gatherings in Australia for over 10 years.
