Regulatory Compliance Question

During my career, I have been on three sides of the SOX issue:

  1. At Ernst & Young I was worried about how to audit for SOX compliance
  2. At my previous employer I was an application owner that had to fill out the SOX compliance questionnaires and ensure my application had appropriate controls in order to comply with the regulations (and pass the audit!)
  3. Now I work for a technology company that is in a position to offer solutions that can help make it easier for companies to comply with SOX and other regulations

This leads me to a question: For those of you out there that are dealing with SOX, GLBA, etc., what would make your task easier?  My group is looking at what Microsoft could do to make the task of compliance less burdensome, and would really like your input.  By the way, answering "Provide an extra headcount to fill out questionnaires" is not something Microsoft can do! ;-)

You can respond either by sending me a note using the "Contact" link or by posting a comment on this post.  Thanks for your input!

Comments
  • Hi Bill,

    This is slightly unrelated, but I wondered if you happened to catch the Charlie Rose interview with HBS professor William Sahlman? I was pretty drowsy by the time the show came on (12am), but they got off on a side discussion about SOX that was really insightful. Worth watching if you can find a recording.

    The specific points (I can remember) Sahlman made were:

    1. SOX is a mistake brought on by a reaction to regulate company processes in response to accounting scandals and misses the point by not focusing on the causes that incented the misconduct in the first place.

    2. In a cynical view, SOX has enriched the very firms who were complicit in the accounting scandals SOX is supposed to address.

    3. The goal of completely meeting SOX compliance requirements is impossible and there is a "rush to the bottom" as companies push the minimum they can get away with. With compliance being as subjective as it is now, it's not clear what incentives there are to do more than the bare minimum.

    4. Lastly, SOX is going to force a lot of companies to reconsider being public given the overhead of meeting compliance requirements. SOX is expensive, hence all the excitement in the consulting world -- yea! our next Y2K?

    I'm sorry to hijack your post, but I thought his points were relevant and applicable to thinking about the SOX solution.

    Are you going to post the responses you've received so far?

    Happy New Year!