
Dave Bowser, information systems security manager at Kennametal, found big benefits during the second year of his company’s compliance with the auditing rules.
As told to Scott Berinato
Like most of you, I approached Sarbanes-Oxley compliance last year with a certain trepidation. Within many companies, there’s always resistance to change and fear of the unknown, and SOX fits those bills. Even in my own department, employees were a little apprehensive of what they perceived would be extra paperwork, more time required for approval, just more time to do everything. Outside the company, we worried about the auditors. Not because we worried we’d done something wrong; we simply didn’t know what they were looking for.
Despite our concerns, we survived year one of SOX compliance relatively unscathed. And here’s the best news: Contrary to popular opinion—that the addition of controls will inevitably slow you down—I see a strong correlation between efficiency and good controls. That’s right, for all the fretting over regulation, SOX compliance could be a good thing for information security.
