Gartner analyst French Caldwell has been covering governance, compliance and risk management since 2002. In a recent conversation with Baseline, he spoke about the regulatory developments affecting information-technology executives. Those include Section 404 of Sarbanes-Oxley, which requires public companies to have certain internal controls in place, and indications that the Securities and Exchange Commission and the Public Company Accounting Oversight Board (PCAOB) will relax some requirements for smaller companies.
Baseline: It's been five years since the Department of Justice said it was investigating Enron. How much has the job of a technology executive changed because of that?
Caldwell: I talked to the CIO of a very large bank recently, and he said that 10 years ago his senior managers spent 10 percent of their time on compliance issues. Now they spend 30 percent of their time on compliance issues.
Technology executives in other industries are also spending an increasing amount of time on regulations. There's a lot more attention around the actual control of the information and data, and what various people can do with the data. That's the biggest change.
Baseline: Are there industries that aren't going to be affected?
Caldwell: Not really. Sarbanes-Oxley applies to all [public] companies across all industries. That does leave out nonprofit organizations, privately owned companies and maybe some insurance companies that aren't publicly traded. But there's a SOX knock-on effect, where all of those other entities are increasing their standards because of what their auditors and board members are doing with the publicly traded companies they're involved with.