While Sarbanes-Oxley compliance is at or near the top of the list of corporate IT concerns, there has been little detailed discussion of the implications of Sarbanes-Oxley for how law firms handle their clients’ information or for law firms themselves. Now, part of the reason for that may be that legal profession, fresh off a victory in a ruling that Graham-Leech-Bliley does not apply to lawyers (we’ll leave the negative PR implications of that “victory” aside for now), remains confident that Sarbanes-Oxley will not apply to law firms.
However, I’m not sure that corporations spending millions of dollars on Sarbanes-Oxley compliance want to be so cavalier about the legal profession’s notoriously less-than-air-tight approach to information security.
I collect good, practical articles on Sarbanes-Oxley compliance and have found a gem of a short overview called “Using IT to Comply with Sarbanes-Oxley by Elvia Novak. It’s not a detailed article, but it strikes me an excellent high-altitude view of what’s important.
The article can be found on the excellent SmartPros Accounting website. It’s not often that you can say that a publication with articles for accountants is a must-read, but I’ve found the SmartPros e-mail newsletter a consistently great source of useful information and a regular part of my Monday morning reading routine.