For better or worse, IT organizations can take a collective sigh of relief now that the feared audit of their operations seems to fading as a requirement.
As Congress moves to put more exemptions in place to make regulations such as Sarbanes-Oxley less onerous, we seem to be witnessing the dismantling of the financial reforms of 2002 that led to so much fuss and bother in the IT department. In fact, those reforms gave birth to a whole cottage industry of auditors who admittedly added a lot of expense to the overall process of data management without providing any direct material benefit to the company or the interests of the investors that they were suppose to protect.
But for all the complaining about the cost of these audits, the vast majority of which were done using inefficient processes that resulted in lots of billable hours for the auditors, the fact remains that the specter of these audits was a good thing for IT in the long run.
Any number of senior IT managers will tell you that while they hated the actual process, the focus these audits brought in terms of putting increased attention on IT governance was a good thing. Because of these audits, many IT organizations improved any number of sloppy IT processes that would have been left unaddressed if not for a pending audit. And some of the more forward-looking organizations also increased their level of IT sophistication by employing more tools to automate certain processes as part of a general effort to make the auditing process less time-consuming.
Unfortunately, without some major external impetus to make the IT department more efficient, the whole issue of IT governance might be heading for the backwaters again. That would be an unfortunate outcome. There's no doubt that the current regulations and auditing process are deeply flawed. But sometimes even the most flawed of processes can wind up being a major driving force for the greater good.