I would like to automate some of the work, to cut down on the manual effort. The production of SOX-related data has already been automated (so people don't have to run reports or pull data from systems), but it's hard to see how the rest of the work can be automated. Human review is part of the process, and so is the audit work. I don't know how we can reduce that work effort.
I think the assumption most people make is that companies should hire more staff to perform regulatory compliance functions like these. In other economic climates, that would probably be the favored solution. In my case, I think it's the only answer. I need to add at least one full-time compliance person to my staff, to handle all the manual SOX work and coordination. But my company is in a hiring freeze right now, and that doesn't look like it's going to change anytime soon. So it's going to be a hard sell.
This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at firstname.lastname@example.org.