When it comes to Sarbanes-Oxley (SOX) compliance, at least, many compliance and security experts contend CIOs are actually insufficiently involved, and often supplanted by chief financial officers (CFOs). That doesn´t bode well for companies´ other compliance efforts.
According to Michael Rasmussen, the vice president for risk and compliance research at Forrester Research, “I do agree that the CIOs haven´t stepped up to bat, and they could have more influence and direction in Sarbanes-Oxley.” That´s especially true since companies increasingly implement automated IT controls – ideally, overseen by CIOs – to ensure compliance.
Did CIOs simply miss the boat on SOX? “I can´t disagree, just based on the number of individuals I´ve talked to in publicly traded companies, as well as from my experience at the SEC,” says Chrisan Herrod of Scalable Software, executive consultant for compliance solutions, and the former chief security officer of the U.S. Securities and Exchange Commission (SEC).Read Full Story