Use the investment in SarbOx to weed out fraud and optimize business processes.
Analysts say it will take at least another year or two before companies can expect to see significant reductions in their SarbOx investments. Until then, says Frank of the Open Compliance and Ethics Group, "The fundamental question is: If you're going to make this investment anyway, how do you do it so it reaches some broader corporate objective?"
Though it is difficult to find concrete examples of companies leveraging the investment in SarbOx to achieve some greater business benefit, analysts say companies are often able to optimize the business processes they've documented.
One manufacturing company, for example, used the information it had gathered through its SarbOx documentation process to evaluate the performance of each of its plants. The company discovered that while most plants had a product rejection rate of 5 percent, one plant's rate was as high as 15 percent. Further investigation revealed that the problem was not mechanicalemployees were stealing products off the line and selling them on the black market.
SarbOx supporters say examples like this prove the need for Sarbanes-Oxley. Controls at many companies have been lax for decades, a trend that led to the corporate fiascos like Enron, WorldCom, et al. But Gartner's Leskela, who readily admits that SOX has tightened up corporate controls, isn't so sure that it has improved investor confidence. "I don't think SOX has done anything to restore confidence in the market; that's not clear at all," he said.
For smaller companies like Blue Rhino, the impact that high compliance costs can have on shareholder value can be more threatening than an SEC investigation, said Travatello. "Say a stockholder is looking to invest some money. He sees that Company A's shares went up 20 percent per year but didn't pass SOX, while Company B's stock dropped but passed with flying colors. What's the better value for him? I don't have confidence that the SEC can pull this off properly for everyone. The bottom line is that a couple of jerks at Enron have screwed up the whole world."
The Role of Standards in Cloud Security
Security is often cited as a primary cause for concern...Watch Now
Ensuring Resources for Mission Critical Workloads
Application workloads can thrive in cloud environments,...Watch Now
Improving Security in the Public Cloud
One of the main concerns about moving data to a public...Watch Now