Supreme Court's SOX decision may be non-event for IT
Unless Congress creates 2.0 version of Sarbanes-Oxley, analysts say it should be compliance as usual
Computerworld - The U.S. Supreme Court's decision Monday on the Sarbanes-Oxley Act is unlikely to affect the jobs of IT managers, who have already spent bundles of money on software and staff time to ensure compliance with this 2002 law.
Sarbanes-Oxley, or SOX as it's widely known, was created in the wake of Enron and other financial scandals to impose a new series of reporting and audit requirements on companies. The law prompted IT departments to build new risk compliance, records management and security systems.
The high court decision simply gives the U.S. Securities and Exchange Commission the power to remove members of the Public Company Accounting Oversight Board "at will" instead of "for cause." The five-member oversight board is charged with overseeing auditing firms.
Since shortly after its passage, SOX has "had a very significant impact on IT operations spending," said French Caldwell, an analyst at Gartner Inc.
For instance, Gartner in a 2005 study estimated that SOX mandates had led to an average increase of 3.3% in corporate IT costs. And, Caldwell added, "If you consider all the people in IT that have to spend some time on preparing for audits, it's [still] a significant part of the IT budget."
The 5-4 decision released by the high court on Monday makes what amounts to an administrative change to SOX that's unlikely to impact IT managers for better or worse, according to analysts and legal experts.
As far as IT spending on compliance goes, "they still got to spend it," said Roger Dennis, dean of the Earle Mack School of Law at Drexel University in Philadelphia. "All the other provisions of SOX remain in full force and effect," he said, as a result of the court's decision.
Although it is possible that Congress could try to use the Supreme Court ruling as a way to reopen SOX and produce a less strict 2.0 version of the law, lawmakers now appear headed in the opposite direction -- aiming to impose more financial regulation, not less, on firms.
Citing work now underway in Congress on financial reform legislation, Chris McClean, an analyst at Forrester Research Inc., noted that "there is still a big appetite for financial reform."
Nonetheless, John Berlau, director of the Center for Investors and Entrepreneurs at the Competitive Enterprise Institute, which was a party to the case, remains hopeful that the decision will lead to some changes sought by the group. For example, he said he expects that the ruling will open some of the actions of the oversight board to "a significant number of challenges" because they were made by a body he said was found to be unconstitutional.
McClean said that from a risk management perspective SOX "has had a good impact on the way companies look at risk management and consider risk management in a lot of their business decisions."
Caldwell says a survey he is assembling is showing that increased IT purchases of software are for enterprise risk management, and not Sarbanes-Oxley.
Moreover, Caldwell points out that in many ways SOX has become just one more compliance burden for IT managers. The new compliance requirements are burdening IT, he said, adding that an earlier estimate made by Gartner - that the number of regulations is doubling every six years - is holding true.
The lawsuit challenging SOX was filed by the Washington-based Free Enterprise Fund, a group that describes itself as a non-profit interested in limited government. In papers filed with the court, the group contended that U.S. businesses spent $35 billion in compliance costs during the first year the Sarbanes-Oxley regulations were in place.
In the suit challenging the accounting board, the Free Enterprise Fund said that in 2003, its chairman received "an exorbitant" salary of $556,000, while its other four members were paid "a similarly excessive" salary of $425,000.
Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld.