Compliance backlash: 'Get mad or get even'

One year on, was all that SOX money well spent?

By Will Sturgeon

Published: 15 November 2005 08:15 GMT

On the first anniversary of one of the most controversial sections of Sarbanes-Oxley legislation, many companies are only now starting to take stock of the huge amounts they spent on compliance – and many are starting to wonder whether it was money well spent.

Section 404 of the Sarbanes-Oxley Act (SOX), which came into effect on 15 November 2004, stipulates that companies trading publicly in the US must have policies and controls in place to secure, document and process information dealing with their financial results and all transactions.

The penalties for failing to do so include jail time for senior execs and large fines.

And fear of such sanctions drove huge corporate spending, drawing comparisons with Y2K. But now many organisations are coming to terms with the fact that much of that compliance budget was misspent and must decide whether to get angry about it or get it right.

Speaking on a compliance round table at CA World in Las Vegas, serial entrepreneur Steve Papermaster suggested many companies over-spent in the belief that throwing money at the problem might at least ensure all the right boxes were ticked.

He said: "Until now the focus has been on getting the job done and the question of how to get it done efficiently was being put off until another day. Now that day is coming."

Papermaster said he encountered companies who were spending more on compliance-related technology than their entire IT budget for several years.

Jim Burns, a partner at Deloitte and Touche, told silicon.com he believes such budgets were inflated by a propensity among technology vendors, sensing a gold rush, to slap stickers on all their products offering them as part of a compliance solution.

But he added that many CIOs will also have used compliance to get sign-off from fearful CFOs and CEOs on other projects – further pushing the budget skywards. He said many of these facts may now start coming to light.

Burns said: "A lot of money was spent on SOX. And a lot of questions are now being asked about the value it delivered."

He added that the technology being billed as a compliance solution "is still very young" and still falling short of the mark, suggesting there will almost certainly have been some very costly mistakes made in buying IT 12 months ago.

Pat Gnazzo, compliance officer at CA, told silicon.com: "When you have salespeople out there selling compliance products and a CIO not seeing the issue from the perspective of a compliance officer, and telling them not to buy some of that garbage, then that's where you get the problem."

However, Burns said that while vendor integrity and some political machinations at board level may have played a part, they are merely part of a more problematic state of affairs in which companies were ignorant of their business processes and their own requirements.

Earlier this year Jay Heiser, research vice president at Gartner, told silicon.com he expects to see "a SOX backlash", but Burns said few companies that understand the importance of compliance will begrudge effective spend in the area of risk.

He told delegates: "When we talk about risk the emphasis is on the downside but the exciting thing about risk is the return, the pay-off."

CA's Gnazzo is confident the situation will improve and companies will be able to rein in their compliance spend.

Gnazzo said: "Will the time come when Sarbanes-Oxley gets less expensive? Absolutely," adding that larger companies will be able to see what spend was necessary and what constituted wastage.

He added: "The bigger companies will be able to do that and the smaller companies will learn from them."
