Will Sarbanes-Oxley change the way corporations deal with the world? The jury is still out on that one.

Ventana Research raised questions about its effectiveness following last month's indictment of former Refco Inc chief executive Phillip Bennett by a grand jury on a count of securities fraud.

OK, here's the drill. Theoretically, Sarbanes Oxley can reduce the risk of fraud. Trouble is it only really works through a total quality management approach to financial processes. But how exactly do you do that?

Dave Bowser, information systems security systems manager with tool manufacturing company Kennametal, offers some solutions which include working smarter and streamlining administration. Another way is to link SOX-related activities in how you pay employees. Put simply, you stick it into their performance objectives and give them a vested interest in making it work.

But perhaps the biggest challenge is to change business culture. Sure, most businesses are straight but there are always some that will cut corners. And that's the problem. A recent survey of certified fraud examiners by Oversight Systems Inc found that while 65 per cent felt SOX had been successful in identifying incidences of financial fraud, few believed the changes would stick. In other words, the culture of business is not expected to change.

This coincides with warnings from IT managers that if companies put too much focus on regulatory compliance as part of their efforts to beef up corporate information security, they'll end up not seeing the wood for the trees. In the end, that would only weaken the organisation's defences.

So will SOX achieve its aims? Or more to the point, do companies have the management expertise to ensure that it does?