Years ago, when SOX404 standards became mandatory for public companies, it was a common statement from IT, Finance and other managers: “Shouldn’t we be doing most of this stuff anyway?” Sure, the cost of moving from where we were to a more transparent, 404-compliant infrastructure was initially high, but only because we didn’t think to build this stuff in from the beginning, and that cost has continually declined as people (and companies) got on the bandwagon.
The Defense Contractors Audit Agency (DCAA) has been in the business of auditing businesses that do business with the DoD since 1965, substantially longer than SOX404 has been around. In similar fashion, this was mostly stuff we probably should have been doing anyway in the name of good business.
Even without the recent watering-down of SOX-like controls, I think it is fair to say industry has absorbed such controls and compliance as just another cost of doing business, much like the Defense contractors did when the DCAA enforced consistency of contract rules across all branches of the military 45 years ago. What is surprising to me, however, is how each generation can become lazy in these attitudes over time, even to the point where many ‘should be doing anyway’ elements are marketed as ‘DCAA Compliant Features’ of a timekeeping system like Kronos and eTime. What this tells me is that it is worth highlighting some of the dual internal/external benefits of said features from time to time. As is typical, the impetus to blog on this subject came from a recent experience with a client during a Kronos implementation, and tomorrow we'll go into some detail about just that.