Chapter 6. Sarbanes-Oxley and IMC

While Sarbanes-Oxley is financial legislation, at its heart it is about ensuring that internal controls or rules are in place to govern the creation and documentation of information in financial statements. Since IT systems are used to generate, change, house and transport that data, CIOs have to build the controls that ensure the information stands up to audit scrutiny.

CIO magazine[59]

The Sarbanes-Oxley Act (SOX),[60] passed in the wake of the high-profile corporate scandals that filled the headlines in the opening years of this decade, is a complex piece of legislation with an enormous impact on IMC.

Organizations are spending a great deal of money and making major changes to ensure SOX compliance. As time passes, the changes are bearing fruit. In 2007, the average cost of complying with SOX section 404 was $1.7 million, according to Financial Executives International. These costs, however, represent a decline from the previous year.[61] Another survey reported internal control weaknesses down nearly 45% in the three years since SOX went into effect.[62]

While much of the discussion around SOX has focused on its impact on corporate governance, financial reporting, and accounting practices, the law's impact extends beyond these areas. In fact, the law goes to the heart of IMC by affecting the way that organizations must manage and control information.

As a law, SOX is designed to improve the accountability and transparency of public companies. Accountability ...
