A threat to clouds?
The sad thing about SOX (and I railed so much about it in 2006 and 2007) was that it was often more of a reason to say no to many innovations - largely because auditors did not understand the proposals or it was outside their comfort zone. In the meantime, investments in SOX-related controls and technology were pushed through with little consideration of ROI. So, compliance spend crowded out money that could have gone towards innovation. So, a double whammy...
Over the weekend I had a conversation with Dennis Howlett and Francine McKenna about whether auditors are keeping up with newer issues coming up with SaaS and cloud computing - are the SAS 70 audits keeping up with unique multi-tenancy, virtualization, shared across customer asset issues? The initial answer that Francine summarizes here is - not really.
I sure hope we don't end up with a scenario where the auditors end up being the obstacle to adoption of SaaS and cloud computing because they don't understand them well enough. And worse, they come up with the next-gen SOX which threatens to crowd out these newer waves of innovations...
July 10, 2008 in Industry Commentary