Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

By now, any VAR that is not taking advantage of the corporate IT mess brought on by Section 404 under Sarbanes-Oxley is missing a huge opportunity that is not likely to repeat itself anytime soon.

Just like the smart folks who got rich during the California Gold Rush in the mid-1840s by selling picks and shovels to prospectors, VARs are in a unique position to offer their services to troubled IT departments that don’t even know where to start when it comes to getting their organization in compliance.

While there are some who did strike it rich 160 years ago, the real money was in services.

Today, corporate IT managers are the prospectors feeling their way through the muck of compliance, and VARs are the ones that can supply the necessary tools to make them successful.

And this does not go for just those VARs and integrators that service large public companies.

Although many non-public small and medium businesses are not directly impacted by SarbOx, smart businesses, regardless of size, want to employ a set of best practices that mirror some of the more sophisticated and forward thinking organizations.

They are always looking at what their enterprise counterparts are cooking up.

As a result, there are tremendous opportunities for VARs able to assist companies with processes involving documentation, monitoring, reporting and attestation of internal controls.

This has the potential to be a service goldmine for the channel as companies move from the project stage of compliance to making compliance programs a formal part of their business practices.

In fact, Rahul Gautum, senior manager of Deloitte Consulting’s Strategy and Operation Practice, emphasized this very subject during an eSeminar I moderated recently, titled “Technology Strategies That Make Sense of Compliance Requirements.”

It is here that a VAR can entrench itself in a customer’s organization.

An effective and efficient internal control program involves ongoing assessment, monitoring and reporting processes; integrated risk management, financial and internal control monitoring and reporting; clearly articulated roles, responsibilities and accountabilities; education and training; adaptability and flexibility to deal with the change; and of course the right technology to manage the program, according to Gautum.

And he is right on the mark. Talk about leading with a service offering and not products!

There is a natural fit for VARs and integrators to get involved at this level.

During the same eSeminar event, the audience was polled on where they feel technology can play a role in compliance.

Nearly 80 percent of respondents strongly believe that technology plays some role in getting them there.

This too is good news for VARs who can effectively match business needs with technology solutions.

And better yet, only 15 percent of the same audience said they were currently using a channel partner to help with their compliance strategy.

This would explain why nearly 84 percent of them just “think” they have regulatory compliance under control while actually being “dazed and confused” about the entire thing.

Don’t fear, though. Regulatory compliance is here to stay, and most companies are still in the project phase.

However, as organizations get their business processes and governance structures, there is a critical role for VARs.

Don’t let this opportunity slip away; get involved in regulatory compliance before it moves into the program phase or you may be locked out for good.

Elliot Markowitz is Editor-at-Large for Channel Insider. He is also Editorial Director of eSeminars for Ziff Davis. He can be reached at