Lessons Learned for SOX Compliance and Other Regulatory Challenges  


Symantec

According to most estimates, first-year efforts to comply with the Sarbanes-Oxley Act of 2002, widely known as “SOX,” tended to overcompensate by trying to cover too many controls. Stacks of manual assessments and spreadsheets were produced at a very high cost. According to Ernst & Young, first-year SOX filers spent 70 percent of their time resolving deficiencies in IT controls in order to pass SOX audits.1 In the second year of SOX activity, financial report filers still spent 60 to 65 percent of their time resolving IT deficiencies in order to pass SOX audits, and again experienced significant increases in personnel costs as they completed their final SOX audits.

Research reveals major success factors for SOX compliance

Recent research conducted among organizations in North America and around the world helps illuminate what appears to be working when it comes to SOX compliance. Organizations with the fewest IT control deficiencies:
1. Deliver continuous training to employees while ensuring accountability with policy
2. Restructure the risk management function, internal controls, and IT security
3. Reallocate IT expenditures by shifting spending from consultants and contract labor to automated tools
4. Automate IT measurements, reporting, controls, change management processes, and IT security policies
5. Focus on managing risk to improve IT controls, information collection, and reporting

Copyright © 2007-2012 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.