Wednesday, November 09, 2005

Don't Just Focus on SOX!

I was a bit disturbed, though not surprised, by an article that I read in the financial Times last week. Public companies have become obsessed with bringing their IT departments into SOX compliance that they are overlooking a variety of other IT security risks. According to a recent security study by E&Y, most public y traded companies are focusing almost singularly on SOX, overlooking general IT security concerns.

This bit of news definitely bothered me. Public companies are spending so much time focusing on mechanically meeting the SOX standards proscribed by their auditors that they are not paying any attention to other critical business needs. What we are seeing, consequently, is the artificial compliance environment overshadow the market-defined business operating environment. Businesses have to eschew the needs determined by the market to focus on those imposed by the environment.

The result of this mess is a significant risk of fraud - which is what SOX set out to prevent! We are losing the war as we struggle to win the Sarbanes-Oxley battle.

Government-imposed priorities do not work in what is generally a free market economy. I will concede that what we have in the US is a hybrid economy, characterized fundamentally by free market characteristics. This makes sense. A truly free market is open to manipulation and fraud. Some artificial safeguards are of course necessary.

The corporate governance disasters of the past few years really do illustrate this point. Left to their own devices, companies will bend, break, or even maul the rules for the sake of financial gain. Enron, WorldCom, and Tyco demonstrate this fact. Auditors, of course, have become complicit in these efforts. Enron relied on Andersen's guidance, and a plethora of high net worth individuals accepted KPMG's help in dodging their tax obligations.

Some government oversight is necessary.

The goal should be to find a model in which oversight can be introduced without impeding the ability of companies to operate and respond to the market. As with everything, we need balance.