« Re: Remove Forebrain and Serve: Tag Clouds II | Main

June 15, 2005

Thinking Outside the Sarbox

The other day I was reading the latest post from Nick Carr on his Rough Type site entitled The Sarbox Molehill. In the second paragraph he states:

These days, you hear the marketing pitch often: "Don't view Sarbox as just a compliance issue; use it as a lever to overhaul your systems and processes." In other words: Launch big IT projects now!

I have to disagree with his translation. While some sell-side individuals may try to position it this way, we shoud not lose sight of the fact that in compliance (Sarbox, HIPAA, GLBA - whatever) there is the potential for achieving so much more than compliance - BUT not requiring the launching of a big IT project. To agree with Nick's musings is to fall into the trap also expressed in his posting:

It was interesting, therefore, to hear the CIO of a leading manufacturer deflate the Sarbox hype during a panel discussion at a recent conference. So, she was asked by the moderator, do you view the compliance challenge as an opportunity to proactively make broader changes? No, she said calmly, we're just going to do the minimum we need to do to pass the legal tests, and then we're going to move on. Sarbox is a nuisance, she continued, but it won't be long before everyone's forgotten about it.

It's a sensible view, and my guess is that it's shared by more than a few of her counterparts at other firms - even though few would say so publicly.

This is not a sensible view but nonsense. Meeting minimal requirements will require some investment in technology. One need not go beyond any further investments in technology, necessarily, to gain additional business benefit. Innovative approaches to leveraging these technology investments do not require additional software/hardware investments, just a greater creative effort in system design and implementation.

Nick assumes that the compliance issue is a small one that is easily solved, and that anything beyone that automatically turns into a huge IT mega-dollar project. Imagine buying an automobile in order to take yourself to and from work each day. The imagine llimiting your usage of the vehicle to that purpose. Sure, you may have to invest in a bit more fuel, and a map or two - but that single initial investment could be leveraged to achieve school car pooling and cost-effective vacations. My experience has been that the investments made in content managment, process and security technologies that enable compliance are in and of themsleves fairly substantial. By thinking outside the "Sarbox", the functionality achieved can go way beyond just achieving compliance and can be used to increase internal efficiency, collaboration,  create new business value out of existing content. And all you need do is invest in a bit more fuel (creative thinking) and maps (strategy).

Posted by Carl Frappaolo on June 15, 2005 | Permalink | Bookmark This

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a00d83420169b53ef00d834866c3c69e2

Listed below are links to weblogs that reference Thinking Outside the Sarbox:

Comments

CARL: re -"Meeting minimal requirements will require some investment in technology. One need not go beyond any further investments in technology, necessarily, to gain additional business benefit. Innovative approaches to leveraging these technology investments do not require additional software/hardware investments, just a greater creative effort in system design and implementation."

Totally true, I agree.

The proclivity of big American organizations to promote into decisionmaking positions people who have binary thinking syndrome (either/or, good/bad, all/none) like the manufacturing company CIO referred to above guarantees weak-minded designs and brittle outcomes.

Yes, Sarbanes-Oxley was designed as pure overhead, to restrict widespread wrongdoing even among the big minority of organizations that didn't or wouldn't indulge in ther wrongdoing. Like banning heroin use (the majority of us don't and wouldn't, even if not regulated, but the laws apply to that wide swath of us who wouldn't anyway).

Unhealthy decisionmakers look at the endeavor and decide to figure out how to not do it or just do the minimum.

Healthy decisonmakers realize it's an opportunity. I have to do this thing anyway -- ¿what value can I squeeze out of it? ¿What knowledge am I going to gather in having to do this and what might I do to turn that into productive advance? What beneficial side-products can I generate from the act of doing this that require no additional effort?

That CIO sounds like a person who doesn't think to stop at the post office on the way to the grocery store, leaving it for a separate trip. Your autombile analogy is a bulls-eye for The Nick Cognate.

Posted by: jeff angus | Jun 23, 2005 10:47:44 AM

The comments to this entry are closed.