CIO Magazine, normally what I would characterize as a publication
with a somewhat retiring approach to matters, headlines on this month’s
cover, "The
Sarbox Conspiracy."  Who’s
conspiring against whom?

A brief historic detour, first:  When F500’s and their like began
implementing ERP [enterprise resource planning] systems in the ’80’s
and ’90’s, they were IT installations subsequently "owned" by IT, and
the CIO thus usurped many critical financial controls from the purview
of the CFO.  Now, the playing field may be reversing:  The
"dark agenda" is that CIOs "fear Sarbox has become a stalking-horse that
CFOs are using to assert control over IT and displace the CIO as the
company’s business process expert."  Perhaps
an alarmist view, but it’s hard not to sympathize with the CFO who asks,
"’Who signs on the bottom line?,’ his voice shaking with emotion."

Boys and girls, please….   As I’ve ventured before, there’s a
way to make lemonade out of this, and General Counsels and outside firms
should be leading the way.  Think of this as an opportunity to competitively
distinguish yourself from everybody else piling into the Sarbox-compliance
arena.  It may be the case today, as an AMR survey reportedly found,
that 74% of Sarbox compliance efforts are being led by finance and only
4% by IT, but the remainder are apparently led largely by legal.  I
believe that percentage should be far higher.

Why?  Not because of lawyers’ superior business insight or analytic
acuity—not even because, lest we forget, Sarbox is a law—but
because the salient risk a Sarbox compliance-failure poses is primarily
to the enterprise.  I do not mean to minimize the human reality
of criminal liability for the CEO and CFO, but let’s also recognize that
they have now taken those jobs eyes-open to such an eventuality.  I
insist, instead, on the enterprise’s self-interest as the guiding lens
through which Sarbox compliance must be contemplated and executed.  And
what is a more appropriate domain for the General Counsel and critical
outside counselors?

For the plain fact is, as the article in a more temperate moment notes,
that "Sarbanes-Oxley means CIOs and CFOs need each other more than ever."  The
Sarbox opportunity is to move intellectually and conceptually beyond
the perils and menaces of failing-to-comply, and to seize the chance
to move a corporation’s internal financial and data controls
to a new plane of reliability, assured integrity, and end-to-end transparency.  Let
enlightened outside counsel lead the way.