How Sarbanes-Oxley changed the information security profession


This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."

Download it now to read this article plus other related content.



Sarbanes acknowledges that initial costs were a huge burden because auditors were "crossing every 't' and dotting every 'i'," rather than concentrating on material risks.

"A lot of people told us once they go through [a compliance initiative], they think it's a worthwhile endeavor, and feel a lot more comfortable and secure with improved systems put into place," Sarbanes says. "We have to look at investments in better systems as capital investments in IT. You put a system in and it may cost you to put it in, but once in...the costs should decrease in subsequent years, and there's evidence that's the case. We've heard people complain about it to begin with and eventually, after they work through it and get systems in place, say this has benefited the corporation and [they're] in better control of operations."

Oxley says most of the Fortune 500 has come to terms with the legislation, and necessary expenditures and initial costs are coming down.

"Obviously our goal was to restore investor confidence, and I think there's no more objective way to measure investor confidence than the markets themselves," Oxley says. "The markets have respond- ed in a positive way to reforms. Investors are back

    Requires Free Membership to View

in the game, and that's all to the good. In terms of costs, such as WorldCom disappearing overnight, their stock went from $60 to $1; that was a $100 billion loss in one company. How many WorldComs can an economy afford going forward? If we're able to stop one WorldCom or Enron, seems to me that was money well spent."


Download the complete interview with Paul Sarbanes and Michael Oxley at searchsecurity.com/10thanniversary.


This was first published in January 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: