News Stay informed about the latest enterprise technology news and product updates.

Survey sheds light on SOX spending

When it comes to SOX, many CIOs seem to miss the urgency.

Spam and the Sarbanes-Oxley Act (SOX) are registering much bigger blips on the radars of U.S. CIOs, according to a recent survey from the Society for Information Management.

SIM polled nearly 250 senior IT executives from its membership in North America.

Taking a stab at spam

Of the respondents whose companies have annual revenues of more than $1 billion, 75% have invested in antispam software.

Smaller companies are not far behind. Of the respondents whose firms have annual revenues of less than $1 billion, 70% have bought software to stem the surge of spam in company inboxes.

And the antispam software can't afford to take a break. Last month, three out of every four e-mails processed by e-mail security firm Postini Inc. was junk.

St. George Crystal Ltd. is a smaller firm that has invested in antispam software. Richard Service, CIO of the Jeannette, Pa.-based company, said he's spent about $1,000 on his e-mail system. He'd like to spend more.

"There are just too many other priorities," he said.

Service believes that the amount of spam is even higher than estimates like Postini's. He's worried that it may be a threat to e-mail itself.

"It's overwhelming -- there's so much. [I'm afraid] that it's going to get so bad [that] it's going to make e-mail useless," he said.

Henry Volkman, CIO of Lake Forest, Calif.-based Del Taco Inc., was slightly more succinct in an e-mail to

"I'm as impotent as everyone else in how to deal with this problem on my end," he wrote.

SOX and the CIOs

With the Nov. 15 deadline creeping up for compliance with Section 404 of the federal law, SIM asked its survey pool about their investments in SOX compliance. In the billion-plus club, 43% are not spending a dime on SOX, 29% are spending less than 1% of their budget on it and 18% are investing 1%-5%.

The sub-billion revenue companies in the survey are spending even less. Nearly 70% aren't investing anything on SOX compliance, 18% are spending less than 1% of their budgets and 11% are directing between 1% and 5% to the SOX cause.

CIO Bob Denis is spending more to comply with SOX than he is to spear spam. His company, Trimble Navigation Ltd. in Sunnyvale, Calif., is public and does less than $1 billion in annual revenue.

"SOX compliance is huge for us -- it's certainly approaching the million-dollar mark," he said. "Given our size, we're spending an enormous amount of time and money on it."

For those CIOs who may be low-balling the costs of compliance, Denis has an ominous message.

"You've got something coming," he warned.

"We're hearing stories that even certain auditors are dropping clients because they're not putting enough effort into it. Get serious about it."

This story originally appeared on

Dig Deeper on Security audit, compliance and standards

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.