Compliance is good for business.

The Sarbanes Oxley (SOX) Act of 2002 was greeted with widespread condemnation when it was passed. Organisations everywhere complained that it was a bad law, pushed through as a knee jerk method of regaining the confidence of shareholders and customers, following a series of corporate frauds.

However, having to comply with business regulations and laws is not a new phenomenon. Financial services organisations, as they are forever pointing out, have always been heavily regulated, and there are many other governance and financial accounting laws around the globe. But SOX is the one that caught people’s attention, possibly because it affects anyone doing business in the US, and because of the speed at which it was passed. There was little time to meet with the regulations, and IT Directors moaned about all the extra work it would take to be ready.

But the main reason SOX has been such a positive force for IT directors is because the final responsibility for complying falls with the Chairman, CEO and the rest of the Board. SOX has forced the senior management executives of all those companies to really focus on technology, whether or not their CIO has a seat on the main board, in a way that no amount of internal communications or hybrid management skills could do, because they are the ones who go to jail if the company does not comply with the law.

So first SOX gave heads of IT the clout (and budget) to audit their IT systems, infrastructures and processes, and then they have been able to use what they discovered to improve efficiency, security and to improve productivity. Companies now know precisely what systems, and business processes, they have in place, which ones work, and which need modification, and are using them effectively, often streamlining processes at the same time. There has not been time to argue about the relative merits of whether or not to implement, consolidate or modify something, or to delay it until the next budget round. It has had to done, and organisations are reaping the benefits.

Many large organisations have admitted that they have a far better understanding of their processes and systems because of regulatory compliance, with many including BT and Corus saying they have turned the requirements into positive strategic actions. The new regulations ask for a methodical and measured approach, and can offer a different approach to providing IT to the organisation.

Beleaguered IT departments have become the darlings of the company, as first they took on the task of managing corporate governance for the IT infrastructure, and then often became the in-house experts for other parts of the business struggling to get to grips with new regulations. SOX has asked organisations to provide a great deal of detail – one IT director said SOX is the sledgehammer to crack a nut approach – but then many IT directors, and their CEOs have been pretty impressed with the results.

For many companies regulatory compliance is now part of everything they do, and has allowed the IT director to understand exactly what resources and processes an organisation has, and to begin to increase efficiency and throughput as a result. It is too soon to tell whether SOX will achieve what it was designed for, but it is already offering organisations unexpected benefits, and is offering CIOs and IT Directors the opportunity to take their place in strategic planning, and to widen their experience and skills portfolios.