SOX Cynics

Companies, mine included, use Sarbanes-Oxley to provide political coverage to implement what would otherwise be very unpopular decisions. Ultimately, it is cynical for companies to attach decisions to the Sarbanes-Oxley act which are not driven by the act. It undermines the (albeit small number of) positive benefits associated with the act. Ironically, the intention of the act is to hold companies to a higher standard then was evident at Enron. If change is required then the decision should stand on its own merits. The responsibility of leadership is to lead in a principled manner. Contriving a relationship between unpopular decisions and the Sarbanes-Oxley act of 2002 diminishes the act’s strength.

Recently, Computerworld published a very short article entitled “Sarbanes-Oxley Trumps IM at Some Firms”. In that article, Thomas Hoffman discusses companies which have removed Instant Messaging due to Sarbanes-Oxley concerns. Section 302 of the act is referenced as the cause for this change.

Section 302 of Sarbanes-Oxley requires CEOs and chief financial officers to certify that their companies have established internal controls and are regularly evaluating the effectiveness of the control measures.

Mr. Hoffman’s perspective is evident in the article: this is an overreaction to the act. In large part I agree with the author. There are though some nuances which should be considered.

The argument that IM is equivalent to a phone conversation ignores how the legal system works.

“You can’t control a phone call, so I don’t see what the difference is between IM and a phone call,” said Diana McKenzie, chairwoman of the IT group at Chicago-based law firm Neal Gerber Eisenberg LLP. “To me, it’s not logical.”

The transcript of an IM session would have a great deal more relevance than an individual’s recollection of a phone conversation. Imagine yourself in a scenario where each of your phone conversations was transcribed real time. Now imagine that transcribed conversation is illicitly sent to the public. It’s not pretty.

My company only supports IM within the firewall. The tool is available for use between associates but not as a tool with customers. That’s a pity but probably not a show stopper for a B2B. I don’t know how much longer you can avoid it if you are serving consumers. Many consumers expect this form of customer support. This is clearly one case where government regulations are hampering company’s ability to provide customer service.

%d bloggers like this: