June 15, 2005

Thinking Outside the Sarbox

The other day I was reading the latest post from Nick Carr on his Rough Type site entitled The Sarbox Molehill. In the second paragraph he states:

These days, you hear the marketing pitch often: "Don't view Sarbox as just a compliance issue; use it as a lever to overhaul your systems and processes." In other words: Launch big IT projects now!

I have to disagree with his translation. While some sell-side individuals may try to position it this way, we shoud not lose sight of the fact that in compliance (Sarbox, HIPAA, GLBA - whatever) there is the potential for achieving so much more than compliance - BUT not requiring the launching of a big IT project. To agree with Nick's musings is to fall into the trap also expressed in his posting:

It was interesting, therefore, to hear the CIO of a leading manufacturer deflate the Sarbox hype during a panel discussion at a recent conference. So, she was asked by the moderator, do you view the compliance challenge as an opportunity to proactively make broader changes? No, she said calmly, we're just going to do the minimum we need to do to pass the legal tests, and then we're going to move on. Sarbox is a nuisance, she continued, but it won't be long before everyone's forgotten about it.

It's a sensible view, and my guess is that it's shared by more than a few of her counterparts at other firms - even though few would say so publicly.

This is not a sensible view but nonsense. Meeting minimal requirements will require some investment in technology. One need not go beyond any further investments in technology, necessarily, to gain additional business benefit. Innovative approaches to leveraging these technology investments do not require additional software/hardware investments, just a greater creative effort in system design and implementation.

Nick assumes that the compliance issue is a small one that is easily solved, and that anything beyone that automatically turns into a huge IT mega-dollar project. Imagine buying an automobile in order to take yourself to and from work each day. The imagine llimiting your usage of the vehicle to that purpose. Sure, you may have to invest in a bit more fuel, and a map or two - but that single initial investment could be leveraged to achieve school car pooling and cost-effective vacations. My experience has been that the investments made in content managment, process and security technologies that enable compliance are in and of themsleves fairly substantial. By thinking outside the "Sarbox", the functionality achieved can go way beyond just achieving compliance and can be used to increase internal efficiency, collaboration,  create new business value out of existing content. And all you need do is invest in a bit more fuel (creative thinking) and maps (strategy).

Posted by Carl Frappaolo on June 15, 2005 | Permalink | Comments (1) | TrackBack