Editorial: May 2004
Modernizing Authentication — What It Takes to Transform Secure Access
In this month's Expert Voices, Laura Unger, the former acting head of the Securities and Exchange Commission, speaks of the hope on the part of the commission that the Sarbanes-Oxley Act will help instill in corporate America a "culture of compliance." The nonconformists out there may bristle at the phrase, but the goal is a laudable one. Who among us, whether we be shareholders, employees or other corporate stakeholders, wouldn't want the companies we work for, and invest in, to hold themselves to high standards of honesty, integrity and transparency.
The operant word is not so much "compliance" as "culture." Anyone who's read even one of the many books already published on the subject of the recent corporate scandalsabout Enron, WorldCom, Arthur Andersen or AOL Time Warnerknows that the actions of the executives involved did not take place in a vacuum. These organizations had created cultures in which playing fast and loose with the rules, withholding information and putting personal ambition over the good of the company wasn't just tolerated; it was rewarded. Yet there are just as many companies out there, large and small, whose employees abide by strict guidelines of personal and corporate behaviorand do quite well, thank you.
This issue of CIO Insight is devoted entirely to how the Sarbanes-Oxley Act will affect corporate IT. It includes profiles of forward-thinking CIOs and their approach to the act, interviews with experts on what to expect in the way of enforcement, articles on the limits of automating compliance, research on CIOs' compliance practices, and analysis of specific compliance-related technologies such as document management.
The gist: Going beyond the minimum effort, in analyzing, updating and documenting business processes and financial controls, can pay off in added business value. And it can help establish the corporate limits of acceptable behavior by instituting guidelines and alerts that can warn of dubious behavior. But it will take work. And just as there's no such thing as 100-percent guaranteed security technology, all the technology in the world won't guarantee Sarbanes-Oxley complianceor paper over the sins of a corporate culture that's inherently antithetical to compliance.
This special issue of CIO Insight also marks the third anniversary of the magazine. The staff of CIO Insight would like to thank our readers for their strong support and thoughtful feedback. We look forward to an ongoing dialogue with you as we all strive to understand and benefit from the role of information technology in a rapidly changing world.