This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."

Download it now to read this article plus other related content.

SOX Appeal

"After seeing what happened with Enron and Arthur Andersen, consulting firms were a little gun-shy about taking any semblance of a risk-based approach to audit," says Mike Nelson, president of SecureNet Technologies, an information security consulting shop in San Ramon, Calif. "They wanted to audit every single control to the nth degree. But, in the last year or two, the Public Company Accounting Oversight Board (PCAOB)"--the nonprofit created by the passage of SOX to oversee auditors--"has focused more on the areas of the enterprise that represent the highest risk of threat."

Subsequent SOX audits have made companies more savvy. "We have reduced our key controls by one-third, from 75 to about 50," cutting audit fees in half, says Hamid Mashouf, vice president of technology at bebe, the San Francisco-based women's clothing company, which has completed three audits. "We ratcheted back because some were not needed."

Even as SOX implementation work has waned, assessment is going strong.

"We think there are more than 6,000 non-accelerated filers out there, so the bulk of the marketplace for SOX compliance is in front of us," says Rick Dakin, president and founder of Coalfire Systems, a Louisville, Colo.-based auditor.

Ultimately, SOX set the stage for organizations to meet

    Requires Free Membership to View

more federal requirements. "My FISMA business is heating up," says Nelson. "SOX is cooling down."

Amy Rogers Nazarov is a freelance writer based in Washington, D.C.
Send comments on this article to feedback@infosecuritymag.com.

This was first published in January 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: