Survey sheds light on spam, SOX spending

By Ed Parry, News Editor 04 Oct 2004 | SearchCIO.com

Digg This!     StumbleUpon     Del.icio.us

SIM polled nearly 250 senior IT executives from its membership in North America.

Taking a stab at spam

Of the respondents whose companies have annual revenues of more than $1 billion, 75% have invested in antispam software.

Smaller companies are not far behind. Of the respondents whose firms have annual revenues of less than $1 billion, 70% have bought software to stem the surge of spam in company inboxes.

And the antispam software can't afford to take a break. Last month, three out of every four e-mails processed by e-mail security firm Postini Inc. was junk.

St. George Crystal Ltd. is a smaller firm that has invested in antispam software. Richard Service, CIO of the Jeannette, Pa.-based company, said he's spent about $1,000 on his e-mail system. He'd like to spend more.

"There are just too many other priorities," he said.

Service believes that the amount of spam is even higher than estimates like Postini's. He's worried that it may be a threat to e-mail itself.

"It's overwhelming -- there's so much. [I'm afraid] that it's going to get so bad [that] it's going to make e-mail useless," he said.

Henry Volkman, CIO of Lake Forest, Calif.-based Del Taco Inc., was slightly more succinct in an e-mail to SearchCIO.com.

"I'm as impotent as everyone else in how to deal with this problem on my end," he wrote.

SOX and the CIOs

With the Nov. 15 deadline creeping up for compliance with Section 404 of the federal law, SIM asked its survey pool about their investments in SOX compliance. In the billion-plus club, 43% are not spending a dime on SOX, 29% are spending less than 1% of their budget on it and 18% are investing 1%-5%.

For more information Another SIM survey says SOX is bringing business and IT together Read why one analyst thinks SOX helps business and IT align SOX is a hot topic when CIOs get together Read more on how CIOs bond over SOX Check out these three things you need to know about SOX

The sub-billion revenue companies in the survey are spending even less. Nearly 70% aren't investing anything on SOX compliance, 18% are spending less than 1% of their budgets and 11% are directing between 1% and 5% to the SOX cause.

Cal Braunstein, CEO and executive director of research for Robert Frances Group, was surprised to hear that such a high percentage of firms, particularly the large ones, have spent nothing at all on compliance.

"That percentage is a bit high considering what's being asked of most companies," he said. A lot of SOX money may be coming out of the CFO's or auditor's office and not hitting the IT budget, he added. But Braunstein still expected to hear that more firms were spending at least something on SOX compliance.

CIO Bob Denis is spending more to comply with SOX than he is to spear spam. His company, Trimble Navigation Ltd. in Sunnyvale, Calif., is public and does less than $1 billion in annual revenue.

"SOX compliance is huge for us -- it's certainly approaching the million-dollar mark," he said. "Given our size, we're spending an enormous amount of time and money on it."

Evidently, Denis is ahead of the curve. Braunstein said that -- much to his amazement -- CIOs are still asking him what Sarbanes-Oxley is. "CIOs shouldn't be asking this now -- they should be finished with it," he said.

Braunstein added he understands that smaller companies are hesitant to spend on SOX compliance (assuming they know about the law). He also thinks that IT is the last department to be brought into the compliance loop, leaving CIOs with a load of last minute work. The key is for CIOs to get involved from the get go -- whether they've been invited or not.

"I'd want to go out and proactively make sure I'm protected," Braunstein said. "There's no way the CEO and the CFO are going to go down alone – they're going to make sure IT goes down with them." Executives face fines and jail time for signing off on inaccurate accounting certifications.

For those CIOs who may be low-balling the costs of compliance, Denis has an ominous message.

"You've got something coming," he warned.

"We're hearing stories that even certain auditors are dropping clients because they're not putting enough effort into it. Get serious about it."

Braunstein was even more blunt.

"I guarantee they [the government] are going to hang people out to dry," he said.

Tags: IT spending and budgeting,  Compliance strategies and best practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT IT spending and budgeting IT and business management guides for CIOs Gartner's top 10 strategic technologies for 2010 Recession squeezing IT disaster recovery budgets Latest cloud computing trend: End users buying IT as a Service How will IT outsourcing play out in companies' recovery plans? Enterprise risk management quiz for CIOs IT insourcing can bring jobs, cost savings back in-house, experts say Seeking affordable DR in Azerbaijan: IBM, SunGard, are you listening? Managing IT spending cuts: Don't take the easy way out, CIO advises SOA success stories involve business process management Compliance strategies and best practices Information security and risk management guides for CIOs Email archiving solutions and strategies for enterprise CIOs Miscues abounded in Boston email retention policy, practices Health care security, HIPAA compliance on deck for CIOs in Obama era Enterprise risk management solutions for CIOs Addressing compliance requirements in cloud computing contracts Avoiding gotchas of security tools and global data privacy laws CIO turns to identity and access management to solve business problem Log management tool, SIM boxes combine to form security architecture Data protection quiz for enterprise CIOs

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary GRC (governance, risk management and compliance) software  (SearchCIO.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary