- Bank Web sites full of security holes
- SCO Group: Its future is all used up
- Maligned feature being added to IPv6
- I returned my iPhone 3G after six days!
- VPNs: Six burning questions
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
There's a forum on the Securities and Exchange Commission Web site where a company can comment on its experiences implementing the control provisions required by Section 404 of the Sarbanes-Oxley Act. Dozens of executives have filed comments - many of which describe unreasonably onerous, expensive compliance efforts.
"Based on our own experiences and the experiences of our peers, we believe that the effort and costs to comply with the standard have been extraordinary," said Paul Zeller, vice president and CFO of Imation in Oakdale, Minn., in a statement. "We have incurred approximately $1 million in external costs and substantially more in internal costs, such that total SOX costs approximate 5% of our 2004 operating income."
Qualcomm shares two years of SOX experience
Blue Rhino tackles SOX with tools on hand
Congoleum lays solid foundation for SOX compliance
William Krepick, CEO of Macrovision in Santa Clara, describes spending $1.1 million to hire outside consultants and $1.2 million to pay incremental audit costs to its public accounting firm during a two-year period that ended last March. In addition, the company has spent thousands of hours to implement Section 404, which has diverted attention from other company projects, according to Krepick.
"These distractions have resulted in delays in our investments in new projects and new technologies that would otherwise make our company more profitable and more competitive, which we believe our stockholders would rather have us focus on than creating massive amounts of paperwork to document SOX 404 compliance," Krepick comments.
Since the passage of SOX in 2002, companies have complained about the legislation designed to help restore investor confidence in the wake of accounting scandals at Enron and WorldCom. The source of many complaints is Section 404, which requires companies to attest to the effectiveness of internal controls to safeguard systems and processes related to financial reporting.
Under the SEC's two-tier approach, the largest public companies had to begin complying following their first fiscal year that ended after Nov. 15, 2004. The SEC extended the deadline for smaller public companies until July 2007, following a backlash from companies that said the requirements are too onerous.
Meanwhile, analysts have tried to come up with guidelines on how much it costs a company to comply with SOX. The rule of thumb has been an average of $1 million in SOX expenses for every $1 billion in revenue.
Those numbers have held fairly firm over the last couple of years, on average, but there's a lot of variation among companies when it comes to the effort and expense required to comply, says John Hagerty, an analyst at AMR Research.
"A lot of it has to do with how a company is organized," Hagerty says. "If a company is very centrally managed, then they do it once and it applies to everybody. If a company is decentralized, there's a very good chance they have to repeat the same process in every location."
If the IT manager is knowledgeable regarding Cisco technology, he would have 2 options. Option 1 - Consult...- Anonymous
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment