AUDITING LESSONS FROM THE FINANCIAL INDUSTRY
If there is anything considered more technical than cyber security to the general public, it would probably be financial audits. Yet now, financial audits are by and large an expected part of modern society.
Was it the legislation that brought about financial auditing as the new normal? Or did the legislation come as a natural consequence of a demand that was already there? If the latter, is it time for a reform that would make audits an expected norm for the cyber security industry?
The great financial scandals and introduction of SOX
Scandals such as Enron, Tyco, WorldCom and Adelphia shook up the accounting industry and led to the introduction of the Sarbanes-Oxley Act in 2002 for publicly traded companies. The act is not an international standard, but because it applies to companies listed on the stock exchange, it is complied with across borders.
Undeclared conflicts of interest and incompetence spiralled into corporate fraud and money laundering, yet before Sarbanes-Oxley came into effect these had been risks deemed worth taking.
In the aftermath of the scandals, the bill was passed relatively quickly in response to the public perception that stricter financial governance laws were needed. Criticism of the act pointed to increased costs and an added burden on the regulatory environment.
Fourteen years later, the recently introduced EU General Data Protection Regulation has been subjected to the same criticism.
Jul-Sep 2016 Issue