I read Graham's post on Sarbanes-Oxley and its implications to business. It's alarming that many businesses are not spending the necessary time or resources on this issue. And it's to their detriment! You are seeing a lot of news on this topic. As another example that appeared with the Financial Post Magazine, CIPS President, John Boufford, has been quoted that "Sarbanes-Oxley (SOX) is having a profound impact on the Information Technology (IT) profession... The I.S.P. designation in association with regulatory compliance and IT governance is an opportunity for executives to take a leadership role in further aligning IT with business priorities."
So you can see that this is a serious challenge needing your attention. You need a resource to help you. I'm always on the lookout for reference material-- a guide that provides the technology framework.
Here's one that is well worth study. It will take you on those first steps: regulatory compliance planning guide.
Stephen Ibaraki, FCIPS, I.S.P.