Solution Centers

MORE

Everything Else

Virtual Conferences

Security Directions
On demand until December 30, 2009

Navigating Through Dynamic Times by Cisco
On demand until November 20, 2009

Ways to connect with CIO

all RSS RSS Feeds

Subscribe to All of CIO.com

Subscribe to Mobile

Subscribe to Web 2.0

Subscribe to Careers

Subscribe to ERP

CLOUD COMPUTING

Drilldowns

Beats

Cisco Undervalues Tandberg, Investment Firms Say

TECHNOLOGY
- Infrastructure
  - Cloud Computing
  - Network
  - Security
  - Client
    - Desktop
    - Laptop
    - Laptop - Macbook
    - PDA
  - Server
    - Load Balancing
  - Mobile
  - Operating Systems
    - Windows
    - Windows - Vista
    - Linux
    - Mac
    - Mac - Leopard
    - Unix
    - Other
  - Data Center
  - Virtualization
- Applications
- Development
  - Open Source
  - Eclipse
  - Java
  - .NET
  - Agile
  - Web Services
- Architecture
  - Enterprise Architecture
LEADERSHIP

IT DRILLDOWN

Cloud Computing

CIO Enterprise Newsletter

NEWSLETTERS

CIO.com updates, insights and advice on technology, management and your career.

LEADERSHIP

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

CIO Executive Council

A Peer-Advisory Service and Professional Association for CIOs

Public Council Teleconference: Application Rationalization — Hidden Costs and Smart Decisions

November 17 at 11:00 am US/Eastern (GMT-5)

Join Honorio Padrón, of The Hackett Group, who will share the drivers for companies to tackle application rationalization and the results of research that define the hidden cost of complexity. Additionally, we will discuss key decision milestones—to start or not, holding the course steady and fulfilling expectations.

Virtual Desktop Cost-Benefit Analysis — Michael Jacobs, Catlin Group

The analysis contained in this presentation measures the cost of everything from the machines and licenses to the infrastructure for virtual vs. traditional desktop environments.

Honor your best senior team members - Apply for the CIO Ones to Watch Award

Get well-earned public recognition for your top up-and-coming team members, your IT organization and your enterprise. Award winners will be announced, publicized and feted in May 2010, great timing to help attract new IT recruits to your company.

More / Register »

Learn more about the CIO Executive Council »

RESOURCE CENTER

buy a link »

Beneath The Buzz

SOX and Micromanagement

How regulations are used as an excuse for costly disempowerment.

Leave a comment

By N. Dean Meyer

January 31, 2007 — CIO —

Last night on the airplane, the fellow sitting next to me spoke candidly on the condition that I’d mention his son’s name in print. Hi, Brian!

He also demanded anonymity. We’re not talking about a national political intrigue here, but the facts are disturbing.

Wallace (not his real name) is an ERP consultant. On his last two projects—major implementation programs in two different huge corporations—he conservatively estimated that one-third of the costs of the project were wasted in the name of Sarbanes-Oxley (SOX) compliance.

That’s a 50 percent increase in project costs over what they otherwise would have been! I was skeptical. Sure, there are costs of compliance with all regulations. But “wasted”? Corporate accountability isn’t a waste.

No, he protested. He insisted he wasn’t talking about the costs of complying with SOX. Rather, he was saying that these companies could have complied to the same degree for far less money. Now he had my interest. As I probed, I learned that the real issue was not SOX, but instead was micromanagement.

<> Let’s look at how SOX and other regulatory requirements are sometimes implemented in a way that”s disempowering and expensive.

Two Dimensions of SOX Compliance
As with many regulations, SOX generates two distinct requirements. On one hand, it causes clients to buy applications from IT that help them report data in a truthful, transparent and timely manner. From the IT perspective, this is nothing more than a driver of systems requirements. The regulation generates “sales” for IT internal service providers, at a cost to the company. But one would expect that clear data should be useful to leaders and shareholders as well as regulators, so the cost of these systems isn’t a total waste.

On the other hand, SOX (and other regulations such as validation in the pharmaceuticals industry) requires that IT produce documentation of its development and testing processes, among other internal controls. These are additional work products—“artifacts” if you like buzzwords—that become another deliverable inherent in any development project affected by the regulations. And of course, they have a cost too.

But again, documenting processes isn’t a total waste. Doing so should help IT improve its processes and produce better and more maintainable systems.

The waste that Wallace was talking about is more subtle.

The End Does Not Justify the Means
Wallace gave me an example. In the name of SOX compliance, one of the companies that Wallace had mandated the use of a specific documentation method, UML (Unified Modeling Language), for all systems built by IT. UML, incidentally, is an excellent way to describe an object-oriented system’s specifications.

1 | 2 | 3 |next page »

Print

Share [+]

RELATED ARTICLES

How to Get a Seat at the Sarbox Compliance Table

TOOLS

Comments

LinkedIn

RELATED

WHITE PAPERS

Best Practices to Mitigate Risk

Make SOX Efforts More Effective

Connecting Capital Planning, Construction, and Everything in Between

Finding and developing delivery efficiencies and increasing project productivity through the use of technology facilitate: proactive project management, risk management, the automation of key AEC business processes.

How to Accelerate ROI on Governance

Better manage GRC to focus on the strategic projects that will help your business succeed.

The Tripwire HIPAA Solution

Learn how Tripwire Enterprise helps meet the detailed technical requirements of HIPAA.

Beyond PCI Checklists: Securing Cardholder Data

How do organizations pass their PCI DSS audits yet still suffer security breaches?

PCI Compliance

This paper explains how Red Hat technologies can meet or exceed the various requirements of PCI Compliance.

WEBCASTS

Enhance SAP

New research from AMR shows that SAP environments can be dramatically more efficient with the addition of document ...

IT Consolidation Made Easy

The Primary IT Initiative for Reducing Costs

Taking a Seat at the Executive Table: The Reality of Virtualization

This year, for the first time, the number of virtual machines is on track to exceed the number of physical machines...

Who Are the Data Center Leaders?

Today's data center is still very much a heterogeneous environment. Gabriel Consulting recently surveyed over 250 d...

SharePoint - Unchecked growth of content is unsustainable - now what?

Recent research has confirmed that it has become critical for IT leaders to reclaim authority over the SharePoint c...

Unleashing the Power of Customer Data

To hear how companies use feedback from their clients to develop business strategy, watch our video.

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

Update Fixes IPhone Sync Problem with Windows 7 for Some

Cisco Undervalues Tandberg, Investment Firms Say

Exchange 2010: Why I'm Using It to Say Bye-Bye BlackBerry

Four Reasons to Buy (and One Reason to Avoid) the Droid

Data Center Start-Up Offers Energy Saving Software

US Lawmakers Propose Changes in Telecom Subsidies

Microsoft Office Battles Google in the Cloud

Droid Launch Draws Tech-Savvy Crowd to Verizon Store

Cisco Undervalues Tandberg, Investment Firms Say

The Search Market Created Microsoft's Worst Enemy

WHITE PAPERS

Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs

The Capital Delivery Revolution and Technology: Connecting Capital Planning, Construction, and Everything in Between

How to Accelerate ROI on Governance, Risk and Compliance Initiatives

The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164

Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring

PCI Compliance with Red Hat Enterprise Linux

Ensuring Web Service Quality for Service-Oriented Architectures

Composite Application Management: Bridging the IT Visibility Gap in Complex Composite Applications

Service Level Management Best Practices Service Level Reporting and Communication

The Total Economic Impact™ of the Informatica Platform and Integration Competency Centers

Cutting the Cost of Enterprise Databases

Selective Sourcing: The CIO Calls the Shots

Advancing Innovation, Controlling Costs

Gaining the Performance Edge Using a Column-Oriented Database Management System

10 Ways Excel Drives More Value from Your SAP Investment

WagerWorks Takes Fraudsters Out of the Game Using iovation

Adobe LiveCycle Solutions for Business Process Automation

Adobe® LiveCycle® Solutions for Intuitive User Experience

Now available: Global Report on Green IT

Why an Enterprise Project Portfolio Management, EPPM

More White Papers »

FEATURED SPONSORS

SPONSORED LINKS

Webcast: Unleashing the Power of Customer Data

Disciplined Autonomy: Resolving the Tension Between Flexibility and Control

Enterprise Capture: Your Onramp to Business Process Automation

Cloud Computing--What is its Potential Value for Your Company?

Seven Design Requirements for Web 2.0 Threat Protection

How Consumerization of IT Will Make Your Business More Productive

How does a software company save big with Green IT?

Translate business strategy into IT strategy and obtain maximum benefits.

eBook: How Can You Make Your People Productive Anywhere?

Mind the Talent Gap: Global Survey on IT and HR trends and challenges

"Enterprise-Proven" is the Prerequisite for Enterprise SaaS Portal Solutions

Join us at the US-Brazil IT-BPO Summit, on November 10th in New York.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion

Read the RSA report: Security for Business Innovation

Webcast: Looking to the Cloud for Email and Collaboration Services

64-page prescriptive guide to security, compliance, and IT operations.

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

A new fleet of PCs with a total ROI in 10 months. Find your ROI.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

Virtualization Technology as a Business Solution

eZine: A Roadmap to Reducing IT Complexity

World-class trading technology solutions from NYSE Technologies.

If You're Paying for Telecom, You're Paying Too Much. Contact Asentinel Today.

Trade-In your old printer and save up to $1,000 plus free recycling!

Learn How Web Site Performance Impacts Shopper Behavior

Build a Foundation for Unified Communications

Removing the Barriers to IT Governance: How On-Demand Software Changes the Game

Should Your Email Live In The Cloud? A Comparative Cost Analysis

Learn about the growing threat of insider data theft.

Adobe® LiveCycle® solutions for business process automation

10 Ways Excel Drives More Value from Your SAP Investment

The Key to Proving and Improving the Value of IT to the Company

Unleash the Power of Java with Oracle JRockit Real Time

Taking the Service Desk to the Next Level

See how AT&T can help protect your network.

Top Five CIO Challenges

Streamline IT Costs. Boost Performance with WAN Optimization.

Want to know how you can maximize employee productivity?

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

Increase UPS efficiency without sacrificing protection.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

The rules of infrastructure management just changed.

A Clear View Toward Virtualization

Interactive Q&A helps you discover key ways to maximize IT assets.

Ready to virtualize tier one applications? Check your virtualization maturity.

Think you can't afford a Cisco Switch? Cisco Catalyst Switches are now more affordable.

Five minute business analytics assessment. Immediate results.

© 1994 - 2009 CXO Media Inc.