A fifth reprieve from Sarbanes-Oxley (SOX) does not appear likely for SMBs.

At a forum for small businesses, John White, the director of corporation finance for the U.S. Securities and Exchange Commission, said the SEC has no plans to extend the deadline for small business compliance with the internal controls requirements of Section 404 of the Sarbanes-Oxley (SOX) corporate finance law. White has been issuing this warning all summer, but some SMBs don’t seem to be listening.

In that same forum, White also promised that the SEC would introduce several rules by the end of the year aimed at making it easier for SMBs to comply with SOX, such as a relaxed process for issuing stock options.

Companies with less than $75 million in market capitalization have been granted four extensions on compliance since the law was passed by Congress in 2002 because small business advocates have warned that compliance is too pricey for them.

But another extension seems unlikely if you take White at his word. SMBs will have to be compliant by Dec. 15. At this week’s forum White said small public companies should be acting now to prepare compliance. But it’s worth noting that he is speaking for only the SEC.

“I would just urge all of you that are advising small companies that, at least from this building (the SEC), we are not anticipating any extensions,” White said, according to Reuters.

Note that he said “from this building.” He is speaking only for the SEC. In the world of Washington, D.C., where nuance is everything, that leaves some wiggle room. Congress could easily act again to extend the deadline if business interests like the U.S. Chamber of Commerce lobby hard enough. But time is running out. SMBs should probably be acting as if no fifth extension is coming. You should heed White’s warning.

The situation looks grim.  

More and more employees are bringing unsanctioned consumer technologies into the workplace and, if the trend continues, IT departments will increasingly find themselves swamped with maintenance and support requests and their networks teeming with unsecured devices and applications. 

Even worse, IT is helpless to stop the madness. Your only hope is to control meddlesome employees and their rogue apps by adopting something called an “internal customer care cooperative model.” 

According to “Zen and the Art of Rogue Employee Management,” a new and apparently Mahayana Buddhism-inspired survey/report from Yankee Group, almost half of the workers polled said they “feel more empowered than IT to control their personal IT environment.” They want IM and wikis and other social networking tools, and if their IT departments won’t supply them, workers are prepared to fill the void themselves. 

To avoid all-out IT anarchy, the report recommends that instead of trying (and inevitably failing) to stem the flow of unauthorized technologies, IT departments surrender to employees the power to manage their own IT destinies. According to Yankee Group: 

“IT must adopt a Zen-like approach to manage the technology and the rogue employee. Ceding control to end users via a internal customer care cooperative model reduces IT’s burden while improving customer satisfaction. The Zen support model is fundamentally different than most IT organizations today because it doesn’t seek to dictate policy and enforce standards, but rather set guidelines and steer users in the right direction.” 

To reach this “higher plane” of IT operations, the report recommends IT departments roll out Web 2.0 technologies — such as internal, Web-based portals — that allow employees to manage the ever-increasing legions of consumer apps and devices making their way onto corporate networks. The irony, of course, is that it’s the unauthorized introduction of mostly Web 2.0 technologies that brought us to this point in the first place.  

Regardless, Yankee Group warns that the time has come for a major change in the way IT departments interact with employees and that its Zen-like approach is the quickest path to IT enlightenment. 

“Enterprises can’t avoid consumerization or implement traditional approaches to managing consumerization in the enterprise because it’s failing,” Joshua Holbrook, Yankee Group’s enterprise research program manager, said in a statement. “It’s time for a new operating model; an IT care co-op is the solution.”

It’s Friday, so I thought I’d leave you with these little nuggets to contemplate over the weekend:  

• One in three IT workers has used his or her administrative access privileges to sneak a peek at co-workers’ confidential HR files. 
• One in three IT workers admits he or she still has access to their former companies’ networks because admin passwords have yet to be changed. 

The caveat is that these findings came from a study by Cyber-Ark Software, an IT security company that happens to be in the business of developing software that manages and secures passwords.  

Still, it’s a reminder that your internal security controls can never be too stringent. So how confident are you in your internal controls? Just something to think about while you’re kicking back this weekend. Enjoy (if you can)!

Hello, and welcome to SMBlogger, the Weblog of TechTarget’s SearchSMB.com.  

As an IT professional at an SMB, you need to keep informed of developments in many technologies and be able to act on that knowledge to put together and support solutions for your business problems with the limited resources you have. Our goal with this new site feature is to provide news and information that will help you do all of those things.  

If there’s a topic you’d like to see us cover, feel free to let us know by commenting here, or by sending me an email. Each of our editors and news writers will contribute to this blog. Take a moment to “meet us.” We look forward to talking with you. 

– Sarah Lourie, Editor, SearchSMB.com, TechTarget