"The applications can't help you if two-thirds of your world is run off of spreadsheets," agreed John Parkinson, Cap Gemini Ernst & Young's chief technologist for the Americas.
Basically, there are five stages to get to compliance, said Moran: documentation, analysis of risk, placement of controls, monitoring those controls and reporting. "And that's all assuming you've got a business model you can actually summarize like that," he said.
"People are realizing that this is a more a services-, business-orientated process problem," said Mogull. "There's not a magic-bullet technology solution."
Want to discuss the issues raised in this story? Take it over to our IT Management Forum.