Congress passed the Sarbanes-Oxley Act in 2002 to restore confidence after shareholders lost billions of dollars because of accounting fraud at companies such as Enron, WorldCom and Tyco. In reality, SOX was an attempt to legislate quality control regarding how publicly traded companies should be managed on a day-to-day basis. The Securities and Exchange Commission (SEC) requires all firms to document - and an external auditor to confirm - that adequate controls are in place to ensure that financial statements filed with the SEC paint a realistic picture for investors.

From the moment SOX was enacted, there have been heated discussions about providing relief for small to midsize businesses by relaxing requirements or exempting some of the rules. During the last three years, committees were formed, industry opinions were generated, and accounting firms requested a re-evaluation and review of the requirements. Finally, on May 17, SEC Chairman Christopher Cox announced that small companies would not be exempt from a key set of new post-Enron, investor-protection rules.

This was not what many executives and Congress expected to hear. It created a tremor that probably will end with Congress modifying SOX under legislation titled the Complete Act.

We are in the third year of SOX for the larger publicly traded companies, the second year for the foreign publicly traded companies and the first year for every publicly traded company with a market cap of $75 million or greater. In its May decision, the SEC extended the deadline for non-accelerated filers from July 15, 2006, to Dec. 16, 2006. Companies that held off filing in anticipation of a favorable ruling now have only a five-month reprieve to catch up.

In a previous column, I was not overly optimistic about the future of independent IT SOX auditors, because I felt the SEC chairman's ruling would put a damper on the amount of new audit work. The sticker shock from the costs of using external auditors for previous audits has not worn off, prompting companies to look into hiring additional internal IT auditors.

From all the activity I see in the employment marketplace, it seems the demand for IT SOX auditors has never been higher. This demand is fueled not just by the SEC ruling, but also by a series of identity thefts at major companies and by the public's mistrust of how securely its personal information is being stored.