Complying with the Sarbanes-Oxley Act presents any number of problems, depending on whom you talk to. In qualifying IT executives for this survey, we whittled down more than 600 original respondents to about 200 whose companies are required to comply with Sarbanes-Oxley, and who said they were knowledgable about their compliance efforts. Of those, the large-company CIOs present perhaps the most predictable picture. They tend to be the most confident about their compliance efforts, with both the budgets needed to make their compliance efforts succeed, and the IT systems, financial and otherwise, already in place to make the task go more smoothly. The small companies also share some qualities: They’re the most likely to say they won’t be in compliance with Sarbanes by their deadline, the most likely to cite budget problems as an obstacle to compliance, and thus the most likely to be doing the minimum to comply. The midsize firms, however, are all over the map. Of the three groups, they’re spending the smallest percentage of their overall budgets on compliance, yet they’re the most likely to be investing in financial reporting software and to say they expect business benefits from their compliance efforts. Companies of all sizes are optimistic about their compliance efforts; it’s less clear whether that optimism is justified.