So, what's the worst that can happen when corporations fail to stay on top of their compliance game, whether intentional or otherwise? Just ask SunTrust Bank.

Last year, 'accounting irregularities' were investigated, people were fired and the bank had to restate its earnings upward for the first half of the year. The problems were blamed on inadequate control procedures, insufficient documentation, and a failure to detect errors in loan-loss calculations.

But last week it got worse. InformationWeek reports that the SEC has launched a probe into SunTrust and issued subpoenas seeking documents that might shed more light on the accounting procedures. Moreover, the bank said it will probably not be able to comply with section 404 of the Sarbanes-Oxley Act, which requires top execs to attest to the effectiveness of their internal controls. Duh!

With potential fines looming and perhaps more heads to roll, you might be saying to yourself, 'Hey, SOX has some sharp teeth.' But the worst might be yet to come.

Fines can seem like small potatoes compared to the impact such problems can have on a company's reputation. Optimize Magazine reports that new surveys conducted by PricewaterhouseCoopers show that corporate executives more frequently regard reputation risk as the greatest threat to a company's market value. In the Q&A consultant Carlo di Florio, we learn that while most companies are very concerned with reputation, they fail to make use of the available technology and focus more on the people and processes. The goal, he says, is to design a technology architecture that enables compliance, lets processes to work efficiently, delivers the information needed to make the right decision at the right time.

Technology also plays role in aiding the people and process side of compliance. Ethics training, risk assessment, red flag hotlines, and trend analysis can all be enhanced with technology.

With top brass now being held accountable for keeping their corporate noses clean, using technolgy may be the only way to make sure that the processes and policies are followed correctly. Sending out edicts won't cover their backsides.