Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Gartner analyst French Caldwell has been covering governance, compliance and risk management since 2002. In a recent conversation with Baseline, he spoke about the regulatory developments affecting information-technology executives. Those include Section 404 of Sarbanes-Oxley, which requires public companies to have certain internal controls in place, and indications that the Securities and Exchange Commission and the Public Company Accounting Oversight Board (PCAOB) will relax some requirements for smaller companies

Baseline: It’s been five years since the Department of Justice said it was investigating Enron. How much has the job of a technology executive changed because of that?

Caldwell: I talked to the CIO of a very large bank recently, and he said that 10 years ago his senior managers spent 10 percent of their time on compliance issues. Now they spend 30 percent of their time on compliance issues.

Technology executives in other industries are also spending an increasing amount of time on regulations. There’s a lot more attention around the actual control of the information and data, and what various people can do with the data. That’s the biggest change.

Baseline: Are there industries that aren’t going to be affected?

Caldwell: Not really. Sarbanes-Oxley applies to all [public] companies across all industries. That does leave out nonprofit organizations, privately owned companies and maybe some insurance companies that aren’t publicly traded. But there’s a SOX knock-on effect, where all of those other entities are increasing their standards because of what their auditors and board members are doing with the publicly traded companies they’re involved with.

Read the full story on Baseline: The Reshaping of the CIO in the Era of SarbOx

Check out’s for the latest news, commentary and analysis on regulatory compliance.