by bardworx 2655 days ago
I'm not sure what the OP was alluding to but based on: (1) I ran a department that was audited for compliance [minor, startup, audit for investors] and (2) my wife works for a big4 that does audit companies for compliance in the Financial sector that file w/ SEC.

When a company is audited, not only are their financials audited but also their IT department. The IT department has to be able to present plans on how it is able to audit user actions, retroactively retrieve information from prior dates to detect fraud, and manage their infrastructure in a compliant manner.

Since the big4 are not IT firms, they can only provide "guidance" on the state of the company and whether the IT department is actually able to accomplish said goals. Some companies are held to a higher standard and have specific items that they have to accomplish (i.e. how they manage their encryption keys in order to secure their communication). From my understanding, there was actually a lawsuit that Deloitte and PwC lost because they could not determine that fraud had occurred [0]. In the article I've included, it does not say anything about IT, but based on my conversations with my wife, this has something to do with some Execs changing their records to hide fraud. Since the financial audit didn't pick anything up (the transactions weren't recorded), their IT compliance team should have been able to tell that there was a lack of standards in data integrity, management, and access.

This might not be the full picture and I might have not remembered the full conversation correctly. However, I believe this is why Slack having the EKM management might appeal to larger firms who might have to file under compliance of one law or another. Hopefully someone can chime in with a better explanation.

[0]: https://www.marketwatch.com/story/pwc-faces-largest-ever-aud...