Although 97 percent of providers polled view ongoing SOX compliance as a future business driver, sales to date have been lower than anticipated. Currently, companies are directing SOX compliance investments toward internal resources, such as analyzing regulations and documenting processes, or toward external auditors and risk management consultancies. META Group estimated that the internal analysis and documentation efforts account for an average of 75 percent of the total SOX compliance investment to date.
"Organizations are making significant investments to gain and evidence SOX compliance, but so far they have not been with the largest constituency of pro-Sarbanes-Oxley businesses IT product vendors," said Stan Lepeak, vice president with META Group's Technology Research Services. "It's important that the IT product vendors who are chasing the SOX rainbow take the time to develop solutions that are truly tied to compliance stipulations and requirements, not just warmed over IT solutions in a loose SOX wrapper."
Although IT product investments will increase in 2004, META Group believes that, for most companies, SOX compliance is a business process issue and that it is not predominantly tied to investing in more IT applications and systems.
For more information on Sarbanes-Oxley, read Parts 1 and 2 of the recent SDCExec.com series on Contract Management: Five Myths of Contract Management, and Contract Management: Improving Corporate Governance.
Other recent SDCExec.com articles on Sarbanes-Oxley: