
Hole in My SOX

There’s a silver lining in the compliance clouds, after all

Please allow me to eat some humble pie. Last year I used one of these columns ("SOX It to Them") to call for IT vendors to put a sock in all their pronouncements about Sarbanes-Oxley. I believed SOX compliance had no relevance for Australian companies. It is American legislation, I argued. However, today I'm going to say how useful SOX might be. You see, I've spent a fair amount of time this year assessing the compliance phenomenon. I've come to appreciate it is a global trend. Furthermore, I think it's something that CIOs might welcome.

Forward-thinking companies have come to see compliance as a blessing in disguise. Since compliance came into vogue, many of the major stock market indices - including the All Ords and the Dow Jones - have reached record high levels. Rather than being discouraged by compliance, investors have clearly been heartened by the fact that public companies now have standards to meet. This success means that compliance requirements are unlikely to go away.

For CIOs there is a growing appreciation that compliance has strengthened operating controls. Compliance legislation has sought to improve risk management and offered CIOs some protection from getting embroiled in ill-thought-out projects. Compliance has also encouraged process mapping, which aids CIOs with business continuity planning and workflow redesign. And it has encouraged a focus on records management to assist CIOs with better information management.

Studies of SOX compliance in the US reveal that businesses are tackling compliance in one of two ways. The first group understood and accepted that compliance represents a new era of government thinking, and from the outset invested in processes and systems to automate the work. Today these companies undertake their compliance activity for least cost and have significantly improved their business management processes at the same time. The other group of companies fulfil their compliance obligations each year at the last moment by throwing resources at the task. These companies have little to show for their compliance endeavours.

The unfortunate news is that analysis shows the latter group is probably in the majority. AMR Research report that expenditure on compliance has grown in the US in the three years since SOX was enacted. Clearly, it will take time for the penny to drop in many organizations that compliance is not a chore, but a new way of doing business. Meanwhile many of these backward companies will probably be looking to the CIO and IT for help in digging them out of this mess.

The challenge many CIOs face with compliance is how to educate their executive that, in the long run, they should take compliance seriously. Perhaps CIOs should take a leaf out of the books of their suppliers. IT vendors have long used fear, uncertainty and doubt (FUD) as motivations to influence their clients' behaviour. Perhaps then CIOs need to remind their organizations that unless they face up to their compliance obligations the work will prove an ongoing drain on operating expenditure budgets for many years to come. What might be worse for these executives is the prospect that their competitors could be doing better. They might have found the silver lining in the compliance clouds much sooner.

Peter Hind is a freelance consultant and commentator with nearly 25 years' experience in the IT industry. He is co-author of The IT Manager's Survival Guide and ran the InTEP IS executive gatherings in Australia for over 10 years.
