Sarbanes-Oxley-compliant organizations are starting to back up vendor claims that compliance management practices are producing benefits beyond compliance.
A lot of the common wisdom being offered by analysts, vendors, and even some users is that the new technology deployed and the new processes and policies put in practice to comply with regulations like Sarbanes-Oxley will ultimately yield other benefits and a return on investment for the organization.
Is this really the case? According to our last quick poll, it's starting to look like there may be something to the rumor of positive returns on SOX related spending. But it still might be too early to tell.
For now, the yeas outweigh the nays. Twenty-six percent of the 105 respondents said that, all things considered, the internal controls mandated by SOX delivered a positive return on investment. Seventeen percent of the respondents indicated no measurable benefit (aside from compliance) from their SOX investments.
Another 10 percent said SOX spending was a breakeven effort and called it a wash. But the plurality of respondents (49 percent) said it is still too early to tell whether their SOX investments will yield a return.
There could be many reasons for this. First of all, many companies are not done spending. Compliance is a new process for most enterprises and getting it to work efficiently is also a process. Second, many companies are still going through their audits and don't have their heads up high enough to see the big picture.
But as Ventana Research's Robert D. Kugel pointed out in his Intelligent Enterprise article The Silver Lining In SOX, improving data quality and consistency and speeding up reporting processes have a slew of benefits that extend beyond compliance. According to Kugel, the more formal control environment of SOX gives companies an opportunity to make their IT systems more useful, enhancing the effectiveness of the finance organization and the entire company.
And the financial transparency that results from compliance enables managers to make more timely decisions and plan more effectively. In turn, this enhances stock performance, management credibility and company reputation.
The most formidable hindrance to realizing the benefit of SOX-related changes may be the corporate willingness to just go for it and adapt the financial systems rather than doing just enough to comply with the regulation.
We'll take a similar poll in about six months and see which direction the too-early-to-tell group has shifted. Until then, automation seems to be the key.
Mitch Irsfeld is Editor of Compliance Pipeline, a sister site to Business Intelligence Pipeline.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.