The report found that, despite years of effort and millions of dollars of investment, nearly 61 percent of companies have not yet completed implementation of their Sarbanes-Oxley (SOX) compliance processes.
At the same time, about 64 percent of those tracking SOX metrics have already identified deficiencies within their financial/ERP database environments related to SOX.
The survey is based on the responses of more than 200 enterprise IT managers and professionals.
A related survey found that compliance management is still largely a manual process, with four out of 10 respondents saying that most of their staff's time is spent generating and editing compliance reports for auditors.
The report also highlighted the following high-risk conditions afflicting companies of all sizes:
- Rogue privileged users - such as administrators, developers, or outsourcers - accessing confidential information for malicious purposes
- A scarcity of technologies to easily monitor and enforce corporate policies regarding database change controls, password sharing, connections to databases from unauthorized applications, and viewing sensitive data
- Poorly integrated application environments that often result from mergers and acquisitions