News Stay informed about the latest enterprise technology news and product updates.

Survey sheds light on spam, SOX spending

Many CIOs are doing what they can to stick a fork in spam, but when it comes to SOX, the urgency seems to be missing.

Spam and the Sarbanes-Oxley Act (SOX) are registering much bigger blips on the radars of U.S. CIOs, according to a recent survey from the Society for Information Management.

SIM polled nearly 250 senior IT executives from its membership in North America.

Taking a stab at spam

Of the respondents whose companies have annual revenues of more than $1 billion, 75% have invested in antispam software.

Smaller companies are not far behind. Of the respondents whose firms have annual revenues of less than $1 billion, 70% have bought software to stem the surge of spam in company inboxes.

And the antispam software can't afford to take a break. Last month, three out of every four e-mails processed by e-mail security firm Postini Inc. was junk.

St. George Crystal Ltd. is a smaller firm that has invested in antispam software. Richard Service, CIO of the Jeannette, Pa.-based company, said he's spent about $1,000 on his e-mail system. He'd like to spend more.

"There are just too many other priorities," he said.

Service believes that the amount of spam is even higher than estimates like Postini's. He's worried that it may be a threat to e-mail itself.

"It's overwhelming -- there's so much. [I'm afraid] that it's going to get so bad [that] it's going to make e-mail useless," he said.

Henry Volkman, CIO of Lake Forest, Calif.-based Del Taco Inc., was slightly more succinct in an e-mail to

"I'm as impotent as everyone else in how to deal with this problem on my end," he wrote.

SOX and the CIOs

With the Nov. 15 deadline creeping up for compliance with Section 404 of the federal law, SIM asked its survey pool about their investments in SOX compliance. In the billion-plus club, 43% are not spending a dime on SOX, 29% are spending less than 1% of their budget on it and 18% are investing 1%-5%.

For more information

Another SIM survey says SOX is bringing business and IT together

Read why one analyst thinks SOX helps business and IT align

SOX is a hot topic when CIOs get together

Read more on how CIOs bond over SOX

Check out these three things you need to know about SOX

The sub-billion revenue companies in the survey are spending even less. Nearly 70% aren't investing anything on SOX compliance, 18% are spending less than 1% of their budgets and 11% are directing between 1% and 5% to the SOX cause.

Cal Braunstein, CEO and executive director of research for Robert Frances Group, was surprised to hear that such a high percentage of firms, particularly the large ones, have spent nothing at all on compliance.

"That percentage is a bit high considering what's being asked of most companies," he said. A lot of SOX money may be coming out of the CFO's or auditor's office and not hitting the IT budget, he added. But Braunstein still expected to hear that more firms were spending at least something on SOX compliance.

CIO Bob Denis is spending more to comply with SOX than he is to spear spam. His company, Trimble Navigation Ltd. in Sunnyvale, Calif., is public and does less than $1 billion in annual revenue.

"SOX compliance is huge for us -- it's certainly approaching the million-dollar mark," he said. "Given our size, we're spending an enormous amount of time and money on it."

Evidently, Denis is ahead of the curve. Braunstein said that -- much to his amazement -- CIOs are still asking him what Sarbanes-Oxley is. "CIOs shouldn't be asking this now -- they should be finished with it," he said.

Braunstein added he understands that smaller companies are hesitant to spend on SOX compliance (assuming they know about the law). He also thinks that IT is the last department to be brought into the compliance loop, leaving CIOs with a load of last minute work. The key is for CIOs to get involved from the get go -- whether they've been invited or not.

"I'd want to go out and proactively make sure I'm protected," Braunstein said. "There's no way the CEO and the CFO are going to go down alone – they're going to make sure IT goes down with them." Executives face fines and jail time for signing off on inaccurate accounting certifications.

For those CIOs who may be low-balling the costs of compliance, Denis has an ominous message.

"You've got something coming," he warned.

"We're hearing stories that even certain auditors are dropping clients because they're not putting enough effort into it. Get serious about it."

Braunstein was even more blunt.

"I guarantee they [the government] are going to hang people out to dry," he said.

Dig Deeper on IT spending and budgeting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.