During my career, I have been on three sides of the SOX issue:
- At Ernst & Young I was worried about how to audit for SOX compliance
- At my previous employer I was an application owner that had to fill out the SOX compliance questionnaires and ensure my application had appropriate controls in order to comply with the regulations (and pass the audit!)
- Now I work for a technology company that is in a position to offer solutions that can help make it easier for companies to comply with SOX and other regulations
This leads me to a question: For those of you out there that are dealing with SOX, GLBA, etc., what would make your task easier? My group is looking at what Microsoft could do to make the task of compliance less burdensome, and would really like your input. By the way, answering “Provide an extra headcount to fill out questionnaires” is not something Microsoft can do! 😉
You can respond by either sending me a note using the “Contact” link or posting a comment on this post. Thanks for your input!