

Companies seeking ROI on SarbOx missing point

By The Admiral
Companies seeking return on Investment with Sarbanes Oxley missing the point.

In the last few weeks there has been news story on top of news story about companies that are seeking a way to gain a return on investment with Sarbanes-Oxley compliance. In fact, some say they are seeking ways in order to get money back in order to be compliant under those rules. Unfortunately, the point is being missed in respect to Sarbanes-Oxley, in that SarbOx is a method of accounting, not a process.

The process of change in the organization to get the companies' financial methods of accounting is going to be the main cost of the business, which is taken off at the end of the year as an operational expense. The fact of the matter is that ignoring what Sarbanes-Oxley is will cost them longer in the short term than taking the law at face value. The sole purpose of the law is to ensure that the people in the company who are shifty-eyed are being tempered back.

Just remember, companies have put controls in to temper back their employees, such as RFID tags, security monitoring, and even looking for the serial numbers of stolen machines on eBay. But while the employees were apologizing for taking a paperclip and a pencil, the executive management was taking millions. Sarbanes-Oxley ensures that the executives who are dictating to HR how to put the pinch to the subordinates are also pinched.

I have found in my travels that companies that are whining about the deadline probably did not have their controls in a way that was ethical in the first place, and/or did not consider that the system that they have been using since the dawn of computers was not up to date when it came to spitting out the newly required data, and compliance reports. Now that the system requires controls that were "self-regulated" previously to be used in a regulated frame, we hear complaints. It would seem to me that anything that is labeled self-regulated is trouble. The "Fox guarding the henhouse" analogy can be placed here.

It is the opinion of many of the people who are on the inside that once controls are placed and the process of tracking where the dollar goes and if that dollar was used ethically is placed into full force, that the Return on Investment will be equal to the initial implementation of the former accounting systems. If it costs more, it means that the longer that the accounting system is in place, the better return that will be realized. The total cost of ownership of this will be based on if the system has the appropriate security controls as well as disaster recovery aspects enabled. The TCO should have minimal impact on the company if the system that was used previously had generally accepted DR principles attached to it. If not, the company will have a long time finding which place to cut to ensure that the appropriate qualified IT staff is engaged in maintaining the system.


All Comments


The Long of the Law

by BFilmFan In reply to Companies seeking ROI on ...

Smile when you tell them that the non-disclosure agreement does not cover notifying authorities when they are not in compliance with SOX.

Remember, smile!


by The Admiral In reply to The Long of the Law

I agree. They are so **** retentive about getting an ROI they have to tell the government that they are not in compliance until they find a way to get money to get into compliance and show a profit doing so.


Costs of SOx in IT

by jan.jansen In reply to The Long of the Law

Indeed I don't expect any ROI from SOx. It's a need to be in control. I have seen an increase of 30% in IT support costs to keep SOx and associated Information Security compliance running. What is your experience?
