CEO: “For all the fretting over regulation, SOX compliance could be a good thing for information security” Don’t try to impress the auditors with how many controls you have. They don’t want to see that. They want to focus in depth on critical controls rather than in breadth on every single control. Centralize administration, document the control once, and it applies everywhere, as long as it’s processed in a single way by a single set of people. To deal with acquisitions, bring down the hammer.”]
Source: https://www.csoonline.com/article/2118808/how-to-learn-to-love-sarbanes-oxley.html