Compliance is about more than Sarbanes-Oxley these days, but the phrase "SOX in a Box" still speaks to the software business' tendency towards hype and promises that can't be kept. In his audio interview with Dan Farber, Trent Henry puts forward a good way to view technology.
While much of the heavy lifting for compliance work falls to the CIO and the IT department, it's corporate leadership and the internal financial auditors whose butts are really on the line. That naturally leads to some tension within organizations.
One of the cornerstones of compliance is COBIT – the Control Objectives for Information and Related Technology – issued by the IT Governance Association. COBIT systematically analyzes IT and defines general control objectives, performance indicators and maturity models for IT.
Since the Sarbanes-Oxley Act became law in 2002, corporations have largely risen to the challenge of meeting the law's requirements - implementing technology, controls, and processes to succeed at SOX audits and allow top executives to comfortably approve financial statements. What's less well understood is that regulations like SOX are creating the opportunity for businesses to fundamentally improve risk management and IT governance.