Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Develop Your External Leadership Skills
A collection of essays from CIO Executive Council members on understanding and developing the external-facing leadership competencies of "customer focus," "commercial orientation" and "market knowledge." CIOs from Best Buy, Universal Orlando Resort, Direct Energy and others describe how they have learned to anticipate customer needs, become market savvy and identify and enable commercial opportunities.
The CIO Paradox: Is IT Set Up to Fail? - FREE Webcast Jan. 19th
CIOs run what may well be the toughest function in the business, with end-to-end responsibilities across multiple levels of infrastructure, data management, processes and people. Yet you spend inordinate amounts of time justifying your existence. Join your fellow CIOs in this town-hall-style CIO Executive Council teleconference on rethinking IT governance, re-educating CEOs on IT value and enabling the profession to attack and defeat this "CIO Paradox."
Characteristics of Transformational Leaders - FREE Webcast Jan. 7th
Leaders come in all shapes, sizes and personalities. However, most great leaders share key traits which allow them to transform their organizations. Learn about some of these traits, how they manifest themselves in the workplace and how you can work towards adding them to your repertoire. Our seminar leader is Larry Bonfante, CIO of the U.S. Tennis Association.
Learn more about the CIO Executive Council »
SOX and Micromanagement
How regulations are used as an excuse for costly disempowerment.
January 31, 2007 — CIO —
Last night on the airplane, the fellow sitting next to me spoke candidly on the condition that I’d mention his son’s name in print. Hi, Brian!
He also demanded anonymity. We’re not talking about a national political intrigue here, but the facts are disturbing.
Wallace (not his real name) is an ERP consultant. On his last two projects—major implementation programs in two different huge corporations—he conservatively estimated that one-third of the costs of the project were wasted in the name of Sarbanes-Oxley (SOX) compliance.
That’s a 50 percent increase in project costs over what they otherwise would have been! I was skeptical. Sure, there are costs of compliance with all regulations. But “wasted”? Corporate accountability isn’t a waste.
No, he protested. He insisted he wasn’t talking about the costs of complying with SOX. Rather, he was saying that these companies could have complied to the same degree for far less money. Now he had my interest. As I probed, I learned that the real issue was not SOX, but instead was micromanagement.
<> Let’s look at how SOX and other regulatory requirements are sometimes implemented in a way that”s disempowering and expensive.Two Dimensions of SOX Compliance
As with many regulations, SOX generates two distinct requirements. On one hand, it causes clients to buy applications from IT that help them report data in a truthful, transparent and timely manner. From the IT perspective, this is nothing more than a driver of systems requirements. The regulation generates “sales” for IT internal service providers, at a cost to the company. But one would expect that clear data should be useful to leaders and shareholders as well as regulators, so the cost of these systems isn’t a total waste.
On the other hand, SOX (and other regulations such as validation in the pharmaceuticals industry) requires that IT produce documentation of its development and testing processes, among other internal controls. These are additional work products—“artifacts” if you like buzzwords—that become another deliverable inherent in any development project affected by the regulations. And of course, they have a cost too.
But again, documenting processes isn’t a total waste. Doing so should help IT improve its processes and produce better and more maintainable systems.
The waste that Wallace was talking about is more subtle.
The End Does Not Justify the Means
Wallace gave me an example. In the name of SOX compliance, one of the companies that Wallace had mandated the use of a specific documentation method, UML (Unified Modeling Language), for all systems built by IT. UML, incidentally, is an excellent way to describe an object-oriented system’s specifications.
Connecting Capital Planning, Construction, and Everything in Between
How to Accelerate ROI on Governance
Web Service Quality for SOA
Bridging the IT Visibility Gap in Complex Composite Applications
Maximize the Mobile Web Opportunity
Don't Sacrifice Speed
Top to Bottom Performance Management Excellence at the City of Chicago
Unleashing the Power of Customer Data
Does Your Network Let Customers Drive Your Business?
The Innovation Quotient
Networked for Success - Insights from Qwest
Make Smarter Business Decisions with Root Cause Analysis
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
UTStarcom to Pay US Fines for Bribing Chinese Carriers
Clearwire Stayed Ahead in Big Year for WiMax
India Delays Mobile Number Portability Plan to March
LG Develops Cell Phone for US Mobile DTV Standard
Intel to Chip Away Despite Legal Issues
FCC Moves Toward Net Neutrality Rules
China Starts Restoring Internet in Divided Muslim Region
Apple Censors Dalai Lama IPhone Apps in China
Broadcom to Settle Options Backdating Lawsuit for US$160.5M
Chinese Gear Boosts African Telecom Networks, Draws Fire
