Should CIOs or CFOs Control Sarbanes Oxley Compliance?

The first Sarbanes-Oxley compliant SEC filings are due in the next few days, so next week’s newspapers should have some very interesting articles. Last fall, accounting firms warned that as many as 30 percent of companies would not be SOX compliant by the deadline. What the SEC does about it—if that predicted outcome proves true—will make great theater.

Meanwhile, I’m trying to develop an article examining the steps companies should take over the next few years. My position is that CFOs basically took over SOX, and forced their way to compliance through brute strength. Sure, CIOs and IT departments were involved, and yes, most companies used some sort of software, but for the most part compliance was led by finance, and was achieved by throwing people and money at the problem. (By the way, feel free to disagree with me—that’s why there is a comments section.) Hopefully, it got them where they needed to be, but in year two companies will be looking for a way to make compliance easy and repeatable. And I think that the only way to do that is through some sort of process automation.

So please do use that comments section to post a little about what your company is doing, what your company should be doing, or to point out anything stupid I may have said in this post. Have at it.