This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
Download it now to read this article plus other related content.
MONEY WELL SPENT
Sarbanes acknowledges that initial costs were a huge burden because auditors were "crossing every 't' and dotting every 'i'," rather than concentrating on material risks.
"A lot of people told us once they go through [a compliance initiative], they think it's a worthwhile endeavor, and feel a lot more comfortable and secure with improved systems put into place," Sarbanes says. "We have to look at investments in better systems as capital investments in IT. You put a system in and it may cost you to put it in, but once in...the costs should decrease in subsequent years, and there's evidence that's the case. We've heard people complain about it to begin with and eventually, after they work through it and get systems in place, say this has benefited the corporation and [they're] in better control of operations."
Oxley says most of the Fortune 500 has come to terms with the legislation, and necessary expenditures and initial costs are coming down.
"Obviously our goal was to restore investor confidence, and I think there's no more objective way to measure investor confidence than the markets themselves," Oxley says. "The markets have respond- ed in a positive way to reforms. Investors are back in the game, and that's
| all to the good. In terms of costs, such as WorldCom disappearing overnight, their stock went from $60 to $1; that was a $100 billion loss in one company. How many WorldComs can an economy afford going forward? If we're able to stop one WorldCom or Enron, seems to me that was money well spent."
Download the complete interview with Paul Sarbanes and Michael Oxley at searchsecurity.com/10thanniversary.
This was first published in January 2008