Malone is a boilerplate "Regulation is bad for business" guy who happens to be focused on the tech world.
He claims SOx has failed, he claims the costs are too high. Perhaps he forgets the cost of NOT having such regulation.
In addition, study after study has found that there are many benefits to becoming SOx-compliant, from risk attenuation to more accurate financial reporting, to streamlining processes via standardization. Googling "Sox benefits" will bring up quite a few, though you might need to wade through some marketing muck from companies whose line of business rests with providing compliance tools.
I can personally attest that SOx compliance has saved a former employer of mine tens of millions... potentially more, if certain practices hadn't been discontinued and happened to be caught by the SEC.
I think the main reason IT professionals hate SOx is that some of their work becomes drudgery. They fail to see the big picture, and from the finance side, I do what I can to make sure they can see how much it helps the company. As for it being an unnecessary burden on companies... tell that to the people who had their retirement savings in Enron stock. Tell that to the people who pinned their ability to put their kids through college on WorldCom stock. It takes a short memory to forget that confidence in large public companies in 2001-2 was similar to the confidence people have in the banking industry now. Would Malone argue that the best thing we can do for the general public now would be to deregulate the banking system further?
I'd also note that the small companies he refers to have a much easier time with SOx compliance, such as a longer period in which to become SOx compliant. Further, it's been demonstrated that the high cost of SOx compliance is in implementation, not in maintenance of compliance. For a start-up, it's easy enough to begin compliant... then you never have to face a huge expense in becoming compliant, since your processes have been compliant all along. Since a lot of the benefits of compliance are "soft" benefits (they are hard to assign an accurate value to), it's difficult to determine whether compliance costs outweigh compliance benefits... but since start-ups do not have to bear the brunt of compliance expense (in converting legacy systems and processes), I feel it's probably beneficial to be compliant.
Of interest, the SEC will be conducting a CBA of SOx compliance for small public companies in 2009. I'm interested to see what their findings are.
Anyway, thanks for doing a mite of research and refuting his cherry-picked data.