Law & Policy

Leader: Sarbanes-Oxley - another law to ignore?

Raising the bar, not putting up an insurmountable barrier...

By silicon.com

Published: 21 October 2004 12:20 BST

"Like you can't legislate for morality, you can't legislate for good behaviour."

These were the words of Wes Rehm, senior vice president for SAS, pointing out that all the business intelligence and management software in the world plus the most obedient adherence to the letter of Sarbanes-Oxley and other compliance laws will not eliminate fraud and corporate corruption altogether. "But it will raise the bar," he added, during an interview with silicon.com earlier this week.

Rehm is not alone. Most people within the industry - and wider world - accept that legislation does not stop crimes happening. But hopefully it makes them less frequent and will make it easier to answer questions such as 'Why?', 'Who?' and 'How?'

Lynn Brewer, corporate whistleblower at Enron, claimed yesterday that corporate corruption is still rife. Sarbanes-Oxley, in her opinion, is long overdue, but at every stage of the legislative procedure, and when pawing section-by-section over the finished Act, it is possible to see the opportunity for those who have no intention of reining in their criminal activity.

Many criticise measures such as secure, auditable and monitored communications, for example, highlighting the 'stepping out of the office for a coffee' tactics which could easily bypass such systems, given the proliferation of internet cafes.

But many of the reasons for implementing Sarbanes-Oxley compliance are to do not with prevention but with accountability.

With execs now at risk of prison sentences and heavy fines if they are found in breach of compliance regulations, there are some very compelling reasons for ensuring their houses are in order.

We shouldn't assume breaches of compliance regulation will only be revealed once the whistle is blown and a serious fraud revealed; many may come to light through standard auditing practices. But if a crime has occurred, companies need to be able to show that all reasonable measures were in place to prevent it happening 'on their watch', and to aggregate effectively all relevant data to expose the audit trail of criminal activity and identify the source.

Sarbanes-Oxley includes a large slice of back-covering and a provision for proving 'it wasn't me'.

To use an example, Nick Leeson was the rogue trader at the heart of the Barings merchant bank collapse. Were his bosses to blame? It has been argued they were negligent in terms of not having to hand enough real-time data about his mysterious clients and the origin of the large sums of money moving through the Singapore and Japan derivatives exchanges.

Sarbanes-Oxley will, in theory, ensure companies have all possible data and have taken all reasonable measures to comply. But will SOX ensure the likes of Nick Leeson are eliminated altogether from the system? Not at all. Should companies be ensuring they do all they can to limit their risk? Absolutely.
