Controls for Compliance: When Good Enough Is Good Enough

Get Access

Get Instant Access
To unlock the full content, please fill out our simple form and receive instant access.

From a CIO's perspective, legislative compliance plays a large role in governance and IT/business alignment. To achieve compliance, IT must implement a large body of controls that mitigate risk. Small to mid-sized enterprises (SMEs) are at a disadvantage due to resource constraints, but can still comply with the law by focusing only on the most relevant IT controls.

The SME Squeeze

An earlier McLean Report research note, “SarbOx for SMEs Now an Absolute Certainty,” demonstrated how new compliance deadlines are forcing SMEs to quickly identify requirements and turn them into real-world IT controls in order to meet auditor demands. The situation becomes even more critical from a cost perspective, given the average SME pays out disproportionately higher costs to meet first-year compliance requirements (about 1% of annual revenue) than do larger enterprises (0.1% of revenue).

Hide Details

Search Code: 6263
Published: November 6, 2007
Last Revised: November 6, 2007

Related Content

GET HELP Contact Us
VL Methodology