SOX compliance is very important. SOX enforcement is missing so far. Nothing really happens to companies that do not comply but the threat is always there. So it is better to comply.
But Risk Management - the idea behind corporate governance - is a topic we should focus on. That requires thinking beyond SOX or the other flavors of the month.
The attached presentation has a very good discussion on the topic. It is onerous to read through but worth it.