by Steve Fox

Failures of regulatory compliance

Analysis
Dec 12, 2005

Overzealous lawmakers keep piling on the regulations, and IT is paying the price

Corporate America has a problem. It’s struggling to make sense of Sarbanes-Oxley and other regulations. According to Associate Editor Richard Gincel, who wrote “The awful truth about compliance”, compliance is so expensive and the rules are so ambiguous that many companies simply try to get by with the absolute minimum — and hope not to get nailed.

Still, the real “awful truth” is that compliance, in many sectors, is a disaster. It’s overly burdensome, absurdly expensive, and largely ineffective. Case in point: A compliance vendor recently told me that many companies are devoting as much as 50 percent of their IT budget to compliance — an unconscionable sum. In particular, Sarbanes-Oxley Section 404, which requires companies to prove their processes are equipped to produce certifiably correct data, is a massive drag on profitability.

Burdensome regulations also make the United States less attractive to multinationals. One executive went so far as to tell Gincel that the high cost of compliance was making him reconsider maintaining a stateside presence.

And here’s the real kicker. If compliance regulations could truly prevent another Enron, I’d say bravo. But I’m skeptical. Purposeful cheaters always find a way to defraud, and so far, at least, there have been few prosecutions. Have corporations really cleaned up their acts? Yep, and Santa will be shinnying down our chimneys any day now.

So what should we do? Here’s an analogy: Doctors don’t routinely order batteries of expensive tests; they check vitals and run other tests if something looks fishy.

How about a similar approach? Instead of requiring companies to collect gigabytes of metrics (most of which will never be seen), let’s gather less data, but examine it more closely. Then, companies could have a shot at compliance, and that’s the not-so-awful truth.