Sarbanes-Oxley - How is it Affecting You?
Grant Barrett asks: "All I hear from IT directors is Sarbanes-Oxley, Sarbanes-Oxley, Sarbanes-Oxley. SOX, as they're calling it, is taxing manpower, swallowing time, and adding huge administrative headaches--not to mention incurring fees and salaries paid out to staff or third-party firms hired to ensure compliance--and that's just the IT department. How are you dealing? Did you make your compliance deadline even after the extension? Are you joining the backlash?"
World's smallest violin (Score:5, Insightful)
MORE billions, in fact, than what the attacks on the World Trade Center cost us.
And now, they are saying that the burden of complying with a law that will help to prevent future abuses is too high? Boo Hoo.
I don't think it's too much to ask companies to prove they aren't ripping us off.
Re:World's smallest violin (Score:2)
Where is your proof that this new law will prevent future accounting mis-practice? Where are your facts that this was the least costly way to go about it?
The truth of the matter is that this legislation was a knee-jerk reaction to a complex and deep issue. For instance, compliance only applies to publicly listed companies. The legislation does not take into account how other countries
Re:World's smallest violin (Score:1)
How much does compliance cost?
Compliance will ultimately cost nothing. With better accounting and better accountability, we won't have the kinds of ethics problems that we have seen. Companies will also benefit from better accounting, because the CEO will have the right numbers in front of him. If we are to believe Worldcom Bernie, he didn't know nothin' bout accounting problems. This law will fix it, and make companies more efficient, better directed, and therefore s
Re:World's smallest violin (Score:2)
'Don't have any...' So we're spending all this money with no idea if it's going to bring a net return? Ludicrous. What
Re:World's smallest violin (Score:2)
It is, if you look at the costs spread out over ALL the publicly held companies in the US. SOX is a money sinkhole, a bit of knee-jerk feel-good legislation that is going to hurt far more than it helps. Yay....
Re:World's smallest violin (Score:1)
I have up to the minute figures on all aspects of the economy, in my brain. Of course I can prove it.
Plus, I read the Wall Street Journal, Forbes, and many other journals. They agree with me.
Re:World's smallest violin (Score:2)
Hi, Profane. I see we're on opposite sides of an issue again.
Compliance has costs, right now. It's time and money spent NOT satisfying customers, NOT building business relationships, NOT producing product, NOT hiring more workers or NOT improving the conditions/pay/training of the employees.
There is something you don't seem to grasp, called the "Time Preference Of Money". It is why we earn interest on money we don't spend today, or pay interest on money
Re:World's smallest violin (Score:1)
Not a problem. You've always argued like a gentleman.
So far I've argued the upside of Sarbanes-Oxley, and I think that all those things are true upsides. I think that ultimately it will be effective in allowing corporate corruption to be detected.
I don't think this is the broken windows fallacy in general, because nobody is claiming that auditing in itself will be a benefit. The benefit comes from the lessened corporate corruption. Corruption
Re:World's smallest violin (Score:2)
Actually, I do have a big problem with one thing you're saying, even though I am not certain you mean what it seems you mean. To wit:
a free country also relies on people being able to get rich *fairly*
There's nothing fair about life. Trying to impose "fairness" is a justification used by tyrants to lull individuals into a false sense of security while they're being stabbed in the back. But what I think you meant was not fair but ethical.
One of the unseen effects of all
Re:World's smallest violin (Score:2)
The regulations don't punish anything that isn't already punishable, and impose great gobs of costs in their compliance.
It's like making detailed laws against murder. Death by bludgeoning is a separate crime from death by stabbing, separate from death by shooting, etc etc etc. Motorvehicular homicide? Still homicide. All are murder, all prosecutable, but it tak
Re:World's smallest violin (Score:2)
Which is why I would only invest in a company (if this were a completely voluntary system) which ascribed to a set of accounting practices. I'm not saying that the level of detail that SOX requires is in-of-itself bad, I'm saying that I would prefer it be something done because it inspires investor and customer confidence.
The reason that a free market doesn't succumb to the same dead-end corruption as a command economy d
Sarbanes-Oxley damages (Score:2)
Here's a quick article over on mises.org that addresses the continuing problems with this latest massive interference with "the market":
http://blog.mises.org/blog/archives/003418.asp [mises.org]
I would appreciate any comments you have on it.
Bob-
Re:Sarbanes-Oxley damages (Score:2)
It is exactly the same problem with all government regulation. That the costs of compliance with the regulation and its consequential requirement for yet more regulations to try to fix the problems the first regulation caused, on and on ad nauseam, constitute far greater damage to everyone, especially the innocent, than wo
Re:World's smallest violin (Score:2)
I can't fairly evaluate the rest of your post, but I hope it's more accurate than this.
Enron failed primarily because of pervasive accounting fraud, although their overspending on things like bandwidth trading and the outright thieving of people like Andrew Fastow sure didn't help. To anybody who knows the first thing
Re:World's smallest violin (Score:3, Insightful)
Just to note: Laws don't prevent anything from happening, they just provide legal footing for a response/recovery. Murder is illegal, but that doesn't stop people from murdering. It is, in some way, a deterrent to rational people who may contemplate murder.
In the same way, this law provides a framework for prosecution abilities. We will hope that the threat of being held responsible for a hurtful act will act as a deterr
Re:World's smallest violin (Score:3, Insightful)
As for your idea, transaction data is worthless to investors. That's data not information.
The purpose of the act is to create a pa
Re:World's smallest violin (Score:3, Insightful)
Well, the audit trail for a $1 transaction can easily cost $0.20. ($0.12 is a best-case number that the credit card companies used to use.) Small component costs can kill your margin quite quickly!
Much of what is required by the act is "good." However, the end-run for many businesses will be to force them to offshore (audit) work in an effort to drive down that extra overhead by 50-60% and make themselves remain competitive.
It's a boon to my business... as long as we are
Re:World's smallest violin (Score:2)
Well, I doubt that would fix it. If people are going to lie about paperwork, they'll lie about that paperwork as well. It may make it a little harder.
No siree. The correct answer is to pass a law saying if you knowingly screw people out of their retirements you die. Painfully. And the
Re:World's smallest violin (Score:4, Interesting)
1) Killed thousands of highly productive people
2) Shut down a section of a major US city for days
3) Destroyed extremely expensive buildings which then required a very expensive clean up effort
4) Shut down all foreign trade for days
5) Shut down a good chunk of the US transportation system for days
6) Resulted in large permanent increases in US airline ticket prices
7) Resulted in 2 wars
8) Resulted in an increase of oil prices from $20 barrel to about $40-50
9) May have increased cancer rates and other long term health costs for something on the order of 2 million people.
Depending on how you add this up you are talking $200b-600b in costs. I'd say Bin Ladin has Ebbers and Lay beat by about two orders of magnitude. I'd love to see Ebbers and Lay do 20 years and lose everything they own in fines. Bin Ladin is way beyond merely a criminal.
Re:World's smallest violin (Score:1)
If you're going to add all sorts of other things in there, you have to include them into the financial collapse too. How do you value in dollars the loss ordinary people suffer when they have to work extra to compensate for their lost retirement? What is the dollar cost to these people when their lost retirement prevents them fr
Re:World's smallest violin (Score:2)
Re:World's smallest violin (Score:1)
http://www.brookings.edu/comm/policybriefs/pb106.htm [brookings.edu]
Forbes reports that Enron owed $67 billion dollars (Worldcom owed TWICE as much), and the creditors were going to get less than 20 cents on the dollar. Turns out that they only had $12 billion to pay them.
http://www.forbes.com/business/2003/07/11/cx_da_0711topne [forbes.com]
Re:World's smallest violin (Score:2)
Some people lost money others gained. If I blow up a building the wealth is just gone.
Re:World's smallest violin (Score:1)
As I pointed out in another post in this thread, corruption allows people to get rich unfairly. This also means that some other people are prevented from getting rich fairly. It's a direct undermining of the integrity of the capitalist system. There are countless countries around the world where widespread corruption is a significant part of their problems (think Central and South America).
Obviously, money
Re:World's smallest violin (Score:2)
Re:World's smallest violin (Score:2)
Two words: rolling blackouts.
Re:World's smallest violin (Score:1, Troll)
Yes, it's really remarkable how Bin Laden was able to pressure millions of Americans to buy SUVs, force our government to deep-six research on alternate energy sources, and to retroactively sabotage any meaningful forms of mass transportation.
Re:World's smallest violin (Score:2)
Re:World's smallest violin (Score:2)
It is convenient for our current government to blame terrorism for a failure in planning and policy, but 9/11 did not cause current oil prices.
If so, why did it take 3 years for the price to climb? Demand and Production capacity! When the price used to jump, OPEC adjusted production to stabilize it. Why can't they do the same now? Production is running pretty high already, and they can't just "tur
Re:World's smallest violin (Score:2)
Yes world demand is high. But the shortage is being caused by enemy forces successfully attacking our oil production.
Re:World's smallest violin (Score:2)
Re:World's smallest violin (Score:1)
Re:World's smallest violin (Score:2)
The major increase in ticket prices is due to the increasing cost of oil, but even limiting ourselves to the 9/11 related price increases, there's a lot of overkill there, as well as the airlines using it as an excuse to raise the prices for an already ailing market. I'll grant calling the ticket price increase 'huge' is a matter of opinion, but when taken as a portion of the hundreds of billions the parent poster claimed, I'd be hard-pr
Re:World's smallest violin (Score:2)
Re:World's smallest violin (Score:2)
1) Killed thousands of highly productive people
2) Shut down a section of a major US city for days
3) Destroyed extremely expensive buildings which then required a very expensive clean up effort
4) Shut down all foreign trade for days
5) Shut down a good chunk of the US transportation system for days
6) Resulted in large permanent increases in US airline ticket prices
7) Resulted in 2 wars
8) Resulted in an increase
Re:World's smallest violin (Score:2)
Re:World's smallest violin (Score:2)
Re:World's smallest violin (Score:2)
Re:World's smallest violin (Score:2)
Re:World's smallest violin (Score:3, Interesting)
Re:World's smallest violin (Score:2)
There are several main factors, none of which have much to do with the supply of crude oil.
- The dollar has devalued nearly 25% since 2000 versus the Euro (imports are more expensive)
- The Feds have allowed oil company mergers to go through again. There used to be 15 gasoline refineries in NY, post-consolidation there are 6. (ExxonMobil represents the core of the old Standard Oil monopoly.)
- Oil company lobbyists have encouraged state governments to pass differing gasoline
Re:World's smallest violin (Score:2)
Re:World's smallest violin (Score:2)
I have a good friend who owns a small chain of gas stations, so most of what I hear about the industry centers around gasoline.
Sarbanes-Oxley slowed OSS corporate involvement (Score:1, Informative)
more laws != better laws (Score:3, Insightful)
I don't think it's too much to ask companies to prove they aren't ripping us off.
I'm pretty sure that it was already against the law for executives to loot a company and steal from the shareholders, even before Sarbox was passed.
I am center-left on political, social and economic issues, and even I fail to see how another law will prevent future corporate scandals, when there are
Re:more laws != better laws (Score:1)
True, but that's not what the law is about. The law is meant to make accounting more accurate, resistant to "fudging", and more transparent to investors.
The problems at Worldcom and Enron (et al.) happened because existing laws were not enforced
Enforcement isn't possible without a certain level of transparency. The law forces that, and limits opportunities
Re:World's smallest violin (Score:2)
I see nothing wrong with asking companies to prove that they aren't ripping off stakeholders. I do see a huge problem when the solution is worse than the problem. We used to have 3 or 4 corporate, customer, Price Waterhouse audits a year. At this point I've been involved in about 10 audits for this year. I have one person dedicated full time to audit, a large part of which is SOX related.
I fully expect to start seeing filing with the
Re:World's smallest violin (Score:2)
Re:World's smallest violin (Score:2)
What is Sarbanes-Oxley? (Score:3, Informative)
Oh well, since he can't be arsed, here's a quote from the second link:
Re:What is Sarbanes-Oxley? (Score:1)
Ok. So WTF does it have to do with software, hardware, or anything else we generally talk about on /.? Sounds like a potential pain for the CFOs and their legions of bean counters, not the CIOs and their geek armies, so what's up?
Re:What is Sarbanes-Oxley? (Score:1, Informative)
We got dinged on a few minor things, like no documented policy on hardware service level agreements. K-P-M-G considered this a "Significant Deficiency" in internal controls, which is one ste
Re:What is Sarbanes-Oxley? (Score:2)
No kidding. Another thing that would have been useful would have been had he pointed out what the fuck this has to do with IT.
I mean, seriously, "All I hear from IT directors is Sarbanes-Oxley, Sarbanes-Oxley, Sarbanes-Oxley."? If *I* was a conservative (or corporate, if you prefer) lobbyist, and *I* wanted an issue on Slashdot that has nothing much to do with IT, *I'd* submit an article that mentions IT without any logical context, and re
Re:What is Sarbanes-Oxley? (Score:3, Insightful)
Easy -- E-Mail communications related to the operation of a business which is subject to SEC oversight (publicly traded) is now considered a vital piece of corporate history which must be preserved.
From this thread [sarbanes-oxley-forum.com] you can get the gist of it.
Violated Section 17(a) of the Securities Exchange Act of 1934, Rule 17a-4 under the Exchange Act, NYSE Rule 440 and NASD Rule 3110 by fai
Re:What is Sarbanes-Oxley? (Score:2)
Which has little to do with IT. If IT fails to preserve email, IT won't go to jail. The executives will only go to jail if they are seen as negligent or otherwise accountable for IT's failure--which is the way it should be!
There are huge IT ramifications involved here.
You mean they have to click a check-box/add a config line to an rc file?
OH MY GOD!!! SARBANES-OXLEY, SARBANES-OXLEY, SARBANES-OXLEY!!!!
Your ignorance of SOX doesn't negate that this is very much an IT iss
One of the best laws in a long time (Score:5, Insightful)
If that costs money I'm all for seeing the money spent.
Re:One of the best laws in a long time (Score:2, Insightful)
I really have to agree with you. There should be a paper trail on this sort of thing. If that is "taxing manpower" then I have to ask you, what the hell were you actually doing before?
I would love to see these white-collar criminals treated like the self-serving scum that they really are. Maybe we need to see a few of them get the business end of a night stick. Maybe we need to see them paraded out of their homes, which are promptly seized by the police, and into the back of squad cars with their cryi
Re:One of the best laws in a long time (Score:3, Insightful)
Re:One of the best laws in a long time (Score:2)
You gotta know how to roll with the punches.
Re:One of the best laws in a long time (Score:1)
Ditto! Instead of punishing the honest corporation for the sins of Enron and WorldCom, why not punish the actual lawbreakers?
Re:One of the best laws in a long time (Score:1)
if only.
More info... (Score:3, Informative)
Re:More info... (Score:2)
In the Cincinnati financial district, there are accounting firms that can't remodel floors fast enough to hold all the people in their 'Sarbanes-Oxley wing.'
Network security measures (Score:2)
They also closed off access to most ports besides 80, but I think that was just a local decision.
Re:Network security measures (Score:2, Interesting)
Also keep in mind that even if policies can be compromised, the fact that a policy is there can protect a company in the event of a lawsuit, whereas if th
SOX Sucks (Score:5, Interesting)
Re:SOX Sucks (Score:1, Informative)
Re:SOX Sucks (Score:3, Funny)
Re:SOX Sucks (Score:2)
Next to reliable backups, I can't think of anything more important than a changelog.
Re:SOX Sucks (Score:1, Informative)
"compliance" (Score:1, Informative)
Our blank check stock must be kept under lock and key. Great.. Well the key is just in a draw in the AP department.
Control issue with AR not being able to receive checks so in the event a check comes into our office instead of the lockbox it goes to AP. Well AP can't deposit the check without a customer # or Inv #. So they take the check to AR to get the info which generally means dropping it off and coming back later to get a stack of checks.
Database security has bee
Re:SOX Sucks (Score:2)
PS: see my journal entry about the perceived "anonymity" at /.
I'm Lovin' It (Score:2)
fyi (Score:3, Informative)
Prevents Accounting firms from doing non-Audit functions for SEC firm that they also perform SEC Audits for (except tax-work, and only if approved by the SEC, and for work that produces minimal income to the Audit firm. These must be disclosed in the Financial Statements of the firm audited.) This is important because an audit firm in the past could be doing as much or more work for a company in consulting as they were for in audit. This leads to an impression that the auditor might not be independent of the firm.
Increases the required independence of the Audit Committee of SEC Firms (Members of the Board of Directors who hire and oversee Independent Auditors). This is important because the Audit committee should not be biased towards the company if they are hiring the independent auditors and overseeing their work.
Makes Management of companies more responsible for the assertions they have in their Financial Statements (an assertion may be along the lines of "Current Assets: $1.3 Billion" or "In the following year we expect to open three more locations in
Requires Management to assess the controls associated with preventing fraud, defalcation and errors that could lead to materially misstating their Financial Statements, and requires an independent Audit of this assessment. (This would be the part that affects the IT community the most.)
It also created a required record retention for audits, more thorough peer reviews of audits and rotations of the Audit Partners associated with the audit. (Thank you, Arthur Andersen)
How this affected me:
Many more jobs in the Audit field, mine being one. Which allows me to be a techy on the side, which is a lot more fun than it being work.
How I'm affected (Score:1, Interesting)
Now, having seen the changes around the company and the asinine requirements that NON-financial related projects have to meet, I'd say it's worthless and will only cause the US economy to further stagnate.
Just a quick
Re:How I'm affected (Score:2)
Re:How I'm affected (Score:2)
Re:How I'm affected (Score:2, Interesting)
Re:How I'm affected (Score:2)
You are defining risk in terms of who is more likely to technically be knowledgeable enough to successfully roll an application into production. The auditor is defining risk as assume that some of the people in the company want to deliberately falsify data, how do you put in place a process such that they are unlikely to be successful. Developers because they are the most qualified are the people who would
Re:How I'm affected (Score:2)
Again, SOX does not require that all or most of your systems be trusted. So it doesn't even apply to most applications. This is a regulation people are creating for themselves. It doesn't require you have good backups or that you are monitoring your systems against failure, failure doesn't create falsified data.
It sounds to me like your organization is implementing change control across the board. Change control can be a real productivity killer f
Re:How I'm affected (Score:3, Informative)
I *heart* Sarbanes-Oxley (Score:1)
Thanks Sarbanes-Oxley!
Far reaching scope of SOX (Score:1)
No impact on me. (Score:2)
Is it having an impact on IT resources that I can see? No, not really. I'd never heard of it until this story, in fact.
Re:No impact on me. (Score:2)
For others who may also think this has purely accounting applications instead of any tech implications should know that either as part of SOX or related to, corporate e-mail has now become court-admissible.
Companies are expected to be able to retain (and possibly audit) their e-mail in case they are required for court purposes.
Cheers
Re:No impact on me. (Score:2)
> of any tech implications...
I didn't say it had no tech implications -- I said that I currently don't *see* any, at least in the area of the company where I currently work.
> Companies are expected to be able to retain (and possibly audit) their e-mail
> in case they are required for court purposes
Interesting. When I worked at Northwest Airlines, we used to keep mail around for years (since we did a certain amount
SarBox (Score:1)
Oh - and I prefer to call it SarBox - makes it sound more like the disease it really is.
Why reward the guilty? (Score:1, Insightful)
The new laws were crafted to solve a real problem, but only end up costing the businesses more money. Why should the same consultants that caused the problem be rewarded by a law that requires more paperwork and more billable hours for those who caused the problem in the first place?
Co
IT & SOX (Score:1)
In all of the above cases, we were already more than compliant. The only major change was the inclusion of a "special" character in passwords to make them more difficult
Ahh Sarbanes-Oxley... (Score:2)
Don't get me wrong, the idea behind the law is a good one, but the problem as I saw it is that it's too vague in definition of what is a controlled system. Basically as I understood it any system that touched the financial records needed to be audited and controlled. For a smaller company with an
Rolling. (Score:2)
i'm not sure (Score:2)
Problem: What does compliance actually mean? (Score:2)
In terms of concrete specifics, I think there's a great deal of confusion out there as to whether a software company is even *capable* of being compliant.
So, you Americans have my sympathy! Perhaps someday your congresscritters will have some measurable grasp on something other than their own two butt
Re:Problem: What does compliance actually mean? (Score:2)
We have the same problem. Are you blah, blah, blah. Our real answer is, "our product has enough bells and whistles to meet that need". No joke, it really does. It's all about security and what kind of stuff your product can do.
I love Sarbanes-Oxley (Score:2)
Re:I too hear the buzz, but no real effects. (Score:3, Interesting)
Funny, when some box gets rooted for having a dictionary password, there's plenty of blame to go around (for users and IT), but when rules are implemented to prevent such things, it's "obnoxious changes" from IT.
When I was an
Re:I too hear the buzz, but no real effects. (Score:2)
Have to change your password every month? Simply append a monthly-incrementing number at the end of your normal password. Congratulations, you just lost the benefit of rotating passwords! Have to use symbols and numbers? Write in 133t5p3&k and all you do is prevent the 1&m35t of dictionary crackers. Prevent that and the users will WRITE their passwords do
Re:I too hear the buzz, but no real effects. (Score:2)
I was originally assigned an 8-character, all-lower-case + 2 letters alphanumeric password. It was computer generated. I kept this password until the first expiry, then changed to another password of the same length, lowercase + digits.
Then the third expiry came around. Suddenly my previous passwords were off limits -- and I needed to use more distin
Re:I'm just curious... (Score:2)
What does ANY of this have to do with disclosure of corporate finances and executive compensation?
Re:Feh (Score:2, Interesting)
I work with fortune 500 clients and they are scared s-less - the threat of jail time makes the security concerns appear more real.
All of the services and products we have been pushing - identity management, e-mail archiving, log analysis, data correlation are all growing by leaps and bounds.
My sponsors are loving it as well. The projects they have been trying to jump-start for months if not years now are getting the go ahead due to SOX audi