IT Compliance and Controls

Converging Business, Information, and Controls

IT Compliance and Controls header image 2

Misunderstandings on SOX costs and Governance

March 28th, 2008 · No Comments

A recent article raised the point that SOX expense by companies was declining (as it should with the full adoption of AS5 across all filers and it being in place for over 6 years!), and that according to analysts that Governance expenses were on the rise and the new focus of enterprises.  Yes and not for the reasons stated, or perhaps not only for the reasons stated.  Unfortunately parties that have read this article have misunderstood the intent or that SOX fits into a mature Governance environment.  So, to imply that the control safeguards documented and matured within businesses as a result of SOX are worthless is incorrect.

It is important to realize that organizations follow a general maturity lifecycle, and a large dose of regulation that requires documentation and validation (such as SOX, et al) is part of that cycle.  It is certainly not the end, as businesses are adaptive and complex systems that are constantly in a change of flux.  So, without expounding on this lifecycle I will simply highlight that the absorption of the regulations and mandated controls into a corporate culture is natural.  In fact it is best practice to integrate the controls of many regulations along with business objectives to ensure an effective, efficient, and always agile operation.

In summary – Costs associated directly with a specific regulated response within an organization will alwawys decline – simple economics.  Regulations must be incorporated into the culture or “genetic makeup” of the organization.  Without this harmonization across the international enterprise businesses will become uncompetitive and lose market share – only to be replaced by those who are mature.

Best regards,

James DeLuccia

Tags: iso27001 · Life Cycle Management · Risk Awareness · Technology Strategy Orchestration · Tone at the Top

0 responses so far ↓

  • There are no comments yet...Kick things off by filling out the form below.

Leave a Comment