« AeA Hits Section 404 | Main | New Gilbane Report Covers Knowledge Management »

February 18, 2005

Is Sarbanes-Oxley Slowing IT Spending?

Yesterday I wrote about the new AeA report on the problems companies are encountering with Sabanes-Oxley Section 404. Another concern raised in the report has to do with innovation and IT spending.  Quoting from the report ...

Instead of taking a principles-based approach, COSO and COBIT provide a super-checklist for all companies, set a cookie-cutter approach for how one must run a business, and they create a limitless necessity to document, document, document, rather than to do, do, do.

The external auditing firms also come in for criticism in the AeA report for using "cookie-cutter" approaches.  One CFO quoted in the report complains about armies of auditors in their mid-twenties who know nothing about business and whose "judgment" is confined to whether or not they can check off a box on some list.

The fact that Big Four firms are reporting a doubling of auditing revenues, thanks to Sarbanes-Oxley, invites a cynical view of their situation.  But, a "big picture" take on the issue needs to consider the risks and incentives on the auditing side of the problem.  If something does go wrong, auditors know that shareholders will be coming after them for damages.  It is hard to see the upside for the auditor in being "reasonable" and in trying to consider the special circumstances of smaller companies.  (I am not arguing that the inability to deal with the special needs of smaller firms is "right" -- but simply that the auditors, too, are constrained by the business and litigious realities surrounding SOX.)

So ... what are the consequences of this "cookie-cutter" approach?  According to the AeA Report:

A specific example of the damage that this does relates to new IT productivity projects. The only way that U.S. companies successfully can compete with companies based in low-cost countries is to be more efficient. The key to greater efficiency is to invest in new and improved IT and automated systems. Because COSO requires an internal control to be 'mature' to be considered effective, it is not practical to implement major new IT systems in the third and fourth fiscal quarters because the control will not be mature.

Ouch!  Is this really happening?  Are readers finding that SOX Section 404 is turning into a moratorium on IT systems implementation for half the year?  Send me an email or add a comment ...

_______________________
Share or tag this post on:
Digg | del.icio.us | Google | Yahoo My Web | Reddit | Newsvine

Posted by Bill Zoellick at February 18, 2005 12:42 PM

Trackback Pings

TrackBack URL for this entry:
http://gilbane.com/blog/mt-tb.cgi/66

Listed below are links to weblogs that reference Is Sarbanes-Oxley Slowing IT Spending?:

» IT Security & Enterprise Architecture from Thinking Out Loud: Thought Leadership from an Enterprise Architect
Seemed like I stirred up some trouble in my last blog entry on IT security professionals. Guess some folks are offended that I referred to them as big fat idiots who are doing a disservice to the industry by blogging... [Read More]

Tracked on May 3, 2005 5:53 AM

Comments

One problem...small businesses aren't typically publically traded and thus SOX 404 wouldn't kick in.

Only if they were "divisions" of larger companies would this be an issue.

Posted by: Susan at February 21, 2005 9:56 PM

Post a comment

Thanks for signing in, . Now you can comment. (sign out)

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


Remember me?