
Sarbanes-Oxley - How is it Affecting You?

Grant Barrett asks: "All I hear from IT directors is Sarbanes-Oxley, Sarbanes-Oxley, Sarbanes-Oxley. SOX, as they're calling it, is taxing manpower, swallowing time, and adding huge administrative headaches--not to mention incurring fees and salaries paid out to staff or third-party firms hired to ensure compliance--and that's just the IT department. How are you dealing? Did you make your compliance deadline even after the extension? Are you joining the backlash?"

  • by Profane MuthaFucka ( 574406 ) <busheatskok@gmail.com> on Thursday March 31, 2005 @03:02PM (#12102536) Homepage Journal
    OK, so the collapse of mega-corporations like Enron and Worldcom in accounting scandals cost the people of the country, particularly investors, billions of dollars. Enron also defrauded California of billions of dollars.

    MORE billions, in fact, than what the attacks on the World Trade Center cost us.

    And now, they are saying that the burden of complying with a law that will help to prevent future abuses is too high? Boo Hoo.

    I don't think it's too much to ask companies to prove they aren't ripping us off.
    • How much does compliance cost? If you are basing your views on cost analysis you cannot omit one of the major data points?

      Where is your proof that this new law will prevent future accounting mis-practice? Where are your facts that this was the least costly way to go about it?

      The truth of the matter is that this legislation was a knee-jerk reaction to a complex and deep issue. For instance compliance only applies to publicly listed companies. The legislation does not take into account how other countries
      • Good response, Lots to think about.

        How much does compliance cost?

        Compliance will ultimately cost nothing. With better accounting and better accountability, we won't have the kinds of ethics problems that we have seen. Companies will also benefit from better accounting, because the CEO will have the right numbers in front of him. If we are to believe Worldcom Bernie, he didn't know nothin' bout accounting problems. This law will fix it, and make companies more efficient, better directed, and therefore s
        • 'Compliance will ultimately cost nothing...' Completely disagree with this drivel. It's costing us time and money now, it will cost us time and money in the future. CEOs/CFOs already have enough information in front of them to make decisions. If they don't they're removed and the next CEO/CFO makes his first task to have this information. Every successful company knows their figures.

          'Don't have any...' So we're spending all this money with no idea if it's going to bring a net return? Ludicrous. What
          • What if it's costing more than all the fraud etc. was before?

            It is, if you look at the costs spread out over ALL the publicly held companies in the US. SOX is a money sinkhole, a bit of knee-jerk feel-good legislation that is going to hurt far more than it helps. Yay....

          • I also seriously doubt you are able to prove that financial fraud costs less or more than terrorism to the US on an annual basis.

            I have up to the minute figures on all aspects of the economy, in my brain. Of course I can prove it.

            Plus, I read the Wall Street Journal, Forbes, and many other journals. They agree with me.
        • Compliance will ultimately cost nothing.

          Hi, Profane. I see we're on opposite sides of an issue again.

          Compliance has costs, right now. It's time and money spent NOT satisfying customers, NOT building business relationships, NOT producing product, NOT hiring more workers or NOT improving the conditions/pay/training of the employees.

          There is something you don't seem to grasp, called the "Time Preference Of Money". It is why we earn interest on money we don't spend today, or pay interest on money
          • Hi, Profane. I see we're on opposite sides of an issue again.

            Not a problem. You've always argued like a gentleman.

            So far I've argued the upside of Sarbanes-Oxley, and I think that all those things are true upsides. I think that ultimately it will be effective in allowing corporate corruption to be detected.

            I don't think this is the broken windows fallacy in general, because nobody is claiming that auditing in itself will be a benefit. The benefit comes from the lessened corporate corruption. Corruption
            • I thank you for your kind words.

              Actually, I do have a big problem with one thing you're saying, even though I am not certain you mean what it seems you mean. To wit:

              a free country also relies on people being able to get rich *fairly*

              There's nothing fair about life. Trying to impose "fairness" is a justification used by tyrants to lull individuals into a false sense of security while they're being stabbed in the back. But what I think you meant was not fair but ethical.

              One of the unseen effects of all
          • Enron failed because they had a business model based on buying and selling of GOVERNMENT pollution credits and other fabrications of government which failed to be legislated into existence.

            I can't fairly evaluate the rest of your post, but I hope it's more accurate than this.

            Enron failed primarily because of pervasive accounting fraud, although their overspending on things like bandwidth trading and the outright thieving of people like Andrew Fastow sure didn't help. To anybody who knows the first thing
      • Where is your proof that this new law will prevent future accounting mis-practice?

        Just to note: Laws don't prevent anything from happening, they just provide legal footing for a response/recovery. Murder is illegal, but that doesn't stop people from murdering. It is, in some way, a deterrent to rational people who may contemplate murder.

        In the same way, this law provides a framework for prosecution abilities. We will hope that the threat of being held responsible for a hurtful act will act as a deterr

      • I don't have a clue what you mean by complex. I don't see anything complex about high ranking executives committing fraud. It's a simple scam, no different than shipping empty boxes and having your own trucks hijacked (which was a business technique in the 20s and 30s). These guys got paid for generating profits, they deliberately overstated the profits their companies made.

        As for your idea, transaction data is worthless to investors. That's data not information.

        The purpose of the act is to create a pa
      • How much does compliance cost?

        Well, the audit trail for a $1 transaction can easily cost $0.20. ($0.12 is a best-case number that the credit card companies used to use.) Small component costs can kill your margin quite quickly!

        Much of what is required by the act is "good." However, the end-run for many businesses will be to force them to offshore (audit) work in an effort to drive down that extra overhead by 50-60% and make themselves remain competitive.

        It's a boon to my business... as long as we are
      • The correct answer was for _ALL_ companies trading in the US to publish complete annual accounts down to the transaction level. This would be easier for the company, would provide all the detail any investigator needed.

        Well, I doubt that would fix it. If people are going to lie about paperwork, they'll lie about that paperwork as well. It may make it a little harder.

        No siree. The correct answer is to pass a law saying if you knowingly screw people out of their retirements you die. Painfully. And the
    • by jbolden ( 176878 ) on Thursday March 31, 2005 @03:21PM (#12102781) Homepage
      You can see from the above that I'm hugely in favor of this law. The World Trade Center bombing:

      1) Killed thousands of highly productive people
      2) Shut down a section of a major US city for days
      3) Destroyed extremely expensive buildings which then required a very expensive clean up effort
      4) Shut down all foreign trade for days
      5) Shut down a good chunk of the US transportation system for days
      6) Resulted in large permanent increases in US airline ticket prices
      7) Resulted in 2 wars
      8) Resulted in an increase of oil prices from $20 barrel to about $40-50
      9) May have increased cancer rates and other long term health costs for something on the order of 2 million people.

      Depending on how you add this up you are talking $200b-600b in costs. I'd say Bin Ladin has Ebbers and Lay beat by about two orders of magnitude. I'd love to see Ebbers and Lay do 20 years and lose everything they own in fines. Bin Ladin is way beyond merely a criminal.

      • It depends on how you measure it. The damage to the buildings and the economy directly was measured some time after the attack at $35 billion dollars, and that's what I had in mind.

        If you're going to add all sorts of other things in there, you have to include them into the financial collapse too. How do you value in dollars the loss ordinary people suffer when they have to work extra to compensate for their lost retirement? What is the dollar cost to these people when their lost retirement prevents them fr
        • Even if I grant the $35b figure (which btw doesn't include things like the cleanup) I still don't see how Ebbers and Lay came close to doing this much damage. They shifted money around and pocketed some of it. They caused some friction in the economy as a result of people having to do things like change cell companies. I don't see how you get to $35b from that.
          • Here's Brookings saying that the first year cost of Worldcom and Enron was $35 billion dollars. And that doesn't include the billions that Enron screwed out of California and other states:

            http://www.brookings.edu/comm/policybriefs/pb106.htm [brookings.edu]

            Forbes reports that Enron owed $67 billion dollars (Worldcom owed TWICE as much), and the creditors were going to get less than 20 cents on the dollar. Turns out that they only had $12 billion to pay them.

            http://www.forbes.com/business/2003/07/11/cx_da_0711topne [forbes.com]
            • You are missing the point about the shifting. If I sell $1b worth of bonds based on fraud that $1b hasn't disappeared. The creditors might not get the $1b back but it went to shareholders or employees or somewhere else in the economy. It most likely went somewhere worse than the bond holders could have put it so there is a frictional cost. Say 5% or so.

              Some people lost money others gained. If I blow up a building the wealth is just gone.
              • I understand the point about the shifting, but I think you're underestimating the cost of corruption.

                As I pointed out in another post in this thread, corruption allows people to get rich unfairly. This also means that some other people are prevented from getting rich fairly. It's a direct undermining of the integrity of the capitalist system. There are countless countries around the world where widespread corruption is a significant part of their problems (think Central and South America).

                Obviously, money
                • You are still talking within the system. People "losing their retirement" is a choice we make within the system. We can simple the wealth back and it didn't happen. A bail out is within the system. Nothing is being destroyed one way or the other. Yes corruption and misallocation of wealth introduce a frictional cost which in the end can be destructive. 5% seems reasonable to me, lots of people would argue it's closer to 1% or so. That's actually a very high number, I'm not underestimating the cost of co
          • Even if I grant the $35b figure ... I still don't see how Ebbers and Lay came close to doing this much damage.

            Two words: rolling blackouts.
      • 8) Resulted in an increase of oil prices from $20 barrel to about $40-50

        Yes, it's really remarkable how Bin Laden was able to pressure millions of Americans to buy SUVs, force our government to deep-six research on alternate energy sources, and to retroactively sabotage any meaningful forms of mass transportation.
        • And this wasn't happening in 2001 when oil was at $20.
          • The number one factor affecting oil prices is demand, shortly followed by production capacity and/or reserves.

            It is convenient for our current government to blame terrorism for a failure in planning and policy, but 9/11 did not cause current oil prices.

            If so, why did it take 3 years for the price to climb? Demand and Production capacity! When the price used to jump, OPEC adjusted production to stabilize it. Why can't they do the same now? Production is running pretty high already, and they can't just "tur
            • You are ignoring the vertex point. As for the jump in demand and OPEC's inability to respond; there has been an Al-Qaeda counter attack in Saudi Arabia. They've driven huge numbers of the westerners (who are needed to bring new wells online) out of the country. The result is that Saudi is not the swing producer it used to be. Further they've managed to prevent us from bringing Iraq oil online.

              Yes world demand is high. But the shortage is being caused by enemy forces successfully attacking our oil production.
      • Items 6-9 are only as large as they are in magnitude because of the war in Iraq, which has nothing to do with bin Laden.
        • Items 6-9 are only as large as they are in magnitude because of the war in Iraq, which has nothing to do with bin Laden.
          I agree re: items 7 & 8; however, items 6 & 9 (6: Resulted in large permanent increases in US airline ticket prices, 9: May have increased cancer rates and other long term health costs for something on the order of 2 million people) are directly related to the attacks and, therefore, bin Laden.
          • 6: Resulted in large permanent increases in US airline ticket prices

            The major increase in ticket prices is due to the increasing cost of oil, but even limiting ourselves to the 9/11 related price increases, there's a lot of overkill there, as well as the airlines using it as an excuse to raise the prices for an already ailing market. I'll grant calling the ticket price increase 'huge' is a matter of opinion, but when taken as a portion of the hundreds of billions the parent poster claimed, I'd be hard-pr
      • If I punch you in the face, you don't have the right or justification to use that as an excuse to go murder the family of your enemy who wasn't involved in the face punching in the first place.
      • You can see from the above that I'm hugely in favor of this law. The World Trade Center bombing:

        1) Killed thousands of highly productive people
        2) Shut down a section of a major US city for days
        3) Destroyed extremely expensive buildings which then required a very expensive clean up effort
        4) Shut down all foreign trade for days
        5) Shut down a good chunk of the US transportation system for days
        6) Resulted in large permanent increases in US airline ticket prices
        7) Resulted in 2 wars
        8) Resulted in an increase
    • by Anonymous Coward
      At the 2004 O'Reilly Open Source convention, r0ml Lefkowitz spoke about the impact of Sarbanes-Oxley on corporations and Open Source Software. This is the gist of what he said. Any corporate software products on the books are considered assets and are assessed at an arbitrary value for purposes of acquisition, etc. The accountants depreciate software system assets over a set number of years, often 3. So by the time the corporation has software of no more book value as an asset, that is when programmers
    • And now, they are saying that the burden of complying with a law that will help to prevent future abuses is too high? Boo Hoo.

      I don't think it's too much to ask companies to prove they aren't ripping us off.

      I'm pretty sure that it was already against the law for executives to loot a company and steal from the shareholders, even before Sarbox was passed.

      I am center-left on political, social and economic issues, and even I fail to see how another law will prevent future corporate scandals, when there are

      • I'm pretty sure that it was already against the law for executives to loot a company and steal from the shareholders, even before Sarbox was passed.

        True, but that's not what the law is about. The law is meant to make accounting more accurate, resistant to "fudging", and more transparent to investors.

        The problems at Worldcom and Enron (et.al.) happened because existing laws were not enforced

        Enforcement isn't possible without a certain level of transparency. The law forces that, and limits opportunities
    • As I'm heavily involved in SOX compliance at Big Blue I'm posting AC.

      I see nothing wrong with asking companies to prove that they aren't ripping off stakeholders. I do see a huge problem when the solution is worse than the problem. We used to have 3 or 4 corporate, customer, Price Waterhouse audits a year. At this point I've been involved in about 10 audits for this year. I have one person dedicated full time to audit a large part of which is SOX related.

      I fully expect to start seeing filing with the

    • Nice website. I just love opening pr0n at work.
  • by Anonymous Coward on Thursday March 31, 2005 @03:02PM (#12102546)
    Would it have killed the poster to mention what Sarbanes-Oxley is?

    Oh well, since he can't be arsed, here's a quote from the second link:

    "The Sarbanes-Oxley Act is a sweeping piece of legislation that regulates, among other things, how companies report financial results and disclose executive compensation. What's more, the law holds both company executives and external auditors directly accountable for the accuracy of financial reports and seeks to protect employees who blow the whistle on suspected fraud."
    • "The Sarbanes-Oxley Act is a sweeping piece of legislation that regulates, among other things, how companies report financial results and disclose executive compensation....

      Ok. So WTF does it have to do with software, hardware, or anything else we generally talk about /.? Sounds like a potential pain for the CFOs and their legions of bean counters, not the CIOs and their geek armies, so what's up?

      • by Anonymous Coward
        Section 404 of the act essentially requires companies to prove that they have adequate internal controls to ensure that the financial statements are accurate. What this ends up doing is cascading a simple thing (Is the 10-K accurate?) into a giant list of things, including IT procedures, HR and Payroll procedures, etc.

        We got dinged on a few minor things, like no documented policy on hardware service level agreements. K-P-M-G considered this a "Significant Deficiency" in internal controls, which is one ste
    • Would it have killed the poster to mention what Sarbanes-Oxley is?

      No kidding. Another thing that would have been useful would have been had he pointed out what the fuck this has to do with IT.

      I mean, seriously, "All I hear from IT directors is Sarbanes-Oxley, Sarbanes-Oxley, Sarbanes-Oxley."? If *I* was a conservative (or corporate, if you prefer) lobbyist, and *I* wanted an issue on Slashdot that has nothing much to do with IT, *I'd* submit an article that mentions IT without any logical context, and re
      • No kidding. Another thing that would have been useful would have been had he pointed out what the fuck this has to do with IT.

        Easy -- E-Mail communications related to the operation of a business which is subject to SEC oversight (publicly traded) is now considered a vital piece of corporate history which must be preserved.

        From this thread [sarbanes-oxley-forum.com] you can get the gist of it.

        Violated Section 17(a) of the Securities Exchange Act of 1934, Rule 17a-4 under the Exchange Act, NYSE Rule 440 and NASD Rule 3110 by fai

        • the executives can go to jail

          Which has little to do with IT. If IT fails to preserve email, IT won't go to jail. The executives will only go to jail if they are seen as negligent or otherwise accountable for IT's failure--which is the way it should be!

          There are huge IT ramifications involved here.

          You mean they have to click a check-box/add a config line to an rc file?

          OH MY GOD!!! SARBANES-OXLEY, SARBANES-OXLEY, SARBANES-OXLEY!!!!

          Your ignorance of SOX doesn't negate that this is very much an IT iss
  • by jbolden ( 176878 ) on Thursday March 31, 2005 @03:04PM (#12102577) Homepage
    There have been few laws passed in the last 3 decades which are designed to help people (investors are often mutual funds and pension funds) at the expense of executive management. Executives for far too long have been able to lie and then claim they didn't know they were lying. Because the SEC doesn't go after white collar crime the way they go after some 16 year old who rips off a 7/11 these guys never go to jail. By creating a paper trail hopefully more executives who commit fraud will go to jail and there will be some decrease in the amount of fraud in US business.

    If that costs money I'm all for seeing the money spent.
    • I really have to agree with you. There should be a paper trail on this sort of thing. If that is "taxing manpower" then I have to ask you, what the hell were you actually doing before?

      I would love to see these white-collar criminals treated like the self-serving scum that they really are. Maybe we need to see a few of them get the business end of a night stick. Maybe we need to see them paraded out of their homes, which are promptly seized by the police, and into the back of squad cars with their cryi

      • The part you're missing is that this isn't hurting the average exec, it's hurting the stockholders. The extra fees are eating into profit, so everyone's 401k plan is going to start sliding... This BS legislation does very little except keep a LOT of auditors employed at the expense of the people the law was meant to protect.
      • I would love to see these white-collar criminals treated like the self-serving scum that they really are.

        Ditto! Instead of punishing the honest corporation for the sins of Enron and WorldCom, why not punish the actual lawbreakers?
      • reminds me of an episode of Chappelle's Show where he wished the roles were reversed on how the police treat people...so on one hand you have a business exec and the other a crack dealer.....it's great fun seeing the swat team bust into the business guy's house, shoot his dog, interrogate him and send him to jail....

        if only.
  • More info... (Score:3, Informative)

    by Chris Pimlott ( 16212 ) on Thursday March 31, 2005 @03:09PM (#12102636)
    I had no idea what this act was either, so I recommend checking out the Wikipedia entry [wikipedia.org].

    The Sarbanes-Oxley Act (officially titled the Public Company Accounting Reform and Investor Protection Act of 2002), signed into law on 30 July 2002 by President Bush, is considered the most significant change to federal securities laws in the United States since the New Deal. ... The goal of the act was to protect investors by improving the accuracy and reliability of corporate disclosures. The act covers issues such as establishing a public company accounting oversight board, auditor independence, corporate responsibility and enhanced financial disclosure.
    • The thing that gets me is that I can't find anything in the legislation that actually mentions technology. I think it was an excuse for the "Big Accounting Firms" to impose new criteria for what a firm must do before they'll certify a company's financial statements.

      In the Cincinnati financial district, there are accounting firms that can't remodel floors fast enough to hold all the people in their 'Sarbanes-Oxley wing.'

  • They made a bunch of security changes here, some of which they blamed on SOX. The worst one was 90-day password expiration. Is that really part of SOX, or just the local interpretation?

    They also closed off access to most ports besides 80, but I think that was just a local decision.
    • Well, the act specifies that records have to be accurate. And if corporate officers are relying on the data on the systems to be accurate, then the systems need to be secure. So anything that is part of "security best practices" is being implemented just to make sure. And yes, 90-day password expiration is generally accepted as a best practice at a minimum.
      Also keep in mind that even if policies can be compromised, the fact that a policy is there can protect a company in the event of a lawsuit, whereas if th
  • SOX Sucks (Score:5, Interesting)

    by Anonymous Coward on Thursday March 31, 2005 @03:22PM (#12102802)
    I'm posting this anonymously as I wouldn't want it traced back to me, but I can tell you not only is it costly and burdensome, but it doesn't work. We are now in "compliance", but the changes we had to make to our systems not only didn't have any effect on my ability to alter financial data, but they made them less secure in the process, because external auditors know nothing about our systems, they only have a checklist of features that have to be enabled. It's nothing more than a costly joke that wastes my time and keeps me from doing work that would actually improve our systems. I've started avoiding small, quick projects that would benefit the users, because I would spend 5 minutes making the changes and then 2 hours spread over several days documenting them and getting the required approvals to implement them.
    • Re:SOX Sucks (Score:1, Informative)

      by Anonymous Coward
      I have to agree. At my employer, SOX compliance has simply gotten out of hand. It has gone from detailing the procedures used to control financial data to detailing the procedures used to control any corporate asset, including software and code. As a result, we are undertaking all kinds of efforts to ensure what a reasonable configuration management policy should already take care of. And we're doing it in such a way that it takes an inordinate amount of time and signatures to get anything productive don
      • by dynamo ( 6127 )
        I heard that the actual section 404 rules were not found, thus people have been making up all kinds of 'interpretations' to cover up that fact.
    • Wait, you're bitching because you have to spend time documenting system changes? How long have you worked in IT? Do you have any idea how important and valuable system and network documentation is?

      Next to reliable backups, I can't think of anything more important than a changelog.
      • Re:SOX Sucks (Score:1, Informative)

        by Anonymous Coward
        25 years, and this goes way beyond a changelog. It involves getting and documenting approval from people who don't even understand what I do, and don't want to know, that's why they hired me in the first place. They'll sign whatever I put in front of them, and even if they didn't, I could still make whatever changes I want to make, they would just catch up with me at the next audit and I'd get fired (assuming I didn't go out of my way to hide what I did). It has had no effect on the accuracy of our finan
    • "compliance" (Score:1, Informative)

      by Anonymous Coward
      Just a few things I've noticed here..

      Our blank check stock must be kept under lock and key. Great.. Well the key is just in a drawer in the AP department.

      Control issue with AR not being able to receive checks so in the event a check comes into our office instead of the lockbox it goes to AP. Well AP can't deposit the check without a customer # or Inv #. So they take the check to AR to get the info which generally means dropping it off and coming back later to get a stack of checks.

      Database security has bee
    • I smell BS.

      PS: see my journal entry about the perceived "anonymity" at /.

  • My wife is an auditor for a big-4 firm doing SOX work. Cha-ching!
  • fyi (Score:3, Informative)

    by oliana ( 181649 ) on Thursday March 31, 2005 @03:40PM (#12102982) Homepage
    Sarbanes-Oxley is a law that only applies to SEC firms (firms that are publicly traded in the US and must report financial statements to the SEC.)

    Prevents Accounting firms from doing non-Audit functions for SEC firms that they also perform SEC Audits for (except tax-work, and only if approved by the SEC, and for work that produces minimal income to the Audit firm. These must be disclosed in the Financial Statements of the firm audited.) This is important because an audit firm in the past could be doing as much or more work for a company in consulting as they were for in audit. This leads to an impression that the auditor might not be independent of the firm.

    Increases the required independence of the Audit Committee of SEC Firms (Members of the Board of Directors who hire and oversee Independent Auditors). This is important because the Audit committee should not be biased towards the company if they are hiring the independent auditors and overseeing their work.

    Makes Management of companies more responsible for the assertions they have in their Financial Statements (an assertion may be along the lines of "Current Assets: $1.3 Billion" or "In the following year we expect to open three more locations in ..."). This is important because, if the CEO signs a statement that states that he knows financial statements are reported fairly and without any material misstatements, he cannot say in court that "I had no idea that this was happening."

    Requires Management to assess the controls associated with preventing fraud, defalcation and errors that could lead to materially misstating their Financial Statements, and requires an independent Audit of this assessment. (This would be the part that affects the IT community the most.)

    It also created a required record retention for audits, more thorough peer reviews of audits and rotations of the Audit Partners associated with the audit. (Thank you, Arthur Andersen)

    How this affected me:
    Many more jobs in the Audit field, mine being one. Which allows me to be a techy on the side, which is a lot more fun than it being work.
  • How I'm affected (Score:1, Interesting)

    by Anonymous Coward
    I work as a geek/developer at a well known fortune 500 oil company. I can say that although I personally thought SOX was a positive step in the right direction, the knee-jerk reaction of individual companies is stifling any benefit that may have been brought about as a result of SOX.

    Now, having seen the changes around the company and the asinine requirements that NON-financial related projects have to meet, I'd say it's worthless and will only cause the US economy to further stagnate.

    Just a quick
    • How exactly is it a fault of SOX that your company is creating stupid rules that have nothing to do with SOX? I can't even begin to follow the chain of reasoning here. Your company has bad management that can't implement requirements properly. That's a problem with your company not with the law.
    • Re:How I'm affected (Score:3, Informative)

      by pbrammer ( 526214 )
      A system doesn't have to interact with financial data to fall under SOX. If a system is used to even influence financial data (making a financial decision based off of sales numbers, for instance) it falls under the SOX realm.
  • I have a great job making Linux devices that companies use for SOX compliance.

    Thanks Sarbanes-Oxley!

  • The SOX demand on audit compliance covers the entire spectrum of business. Under the general computing section, there are strict guidelines for server logging, authentication audits, remote access, database access, incident response, change management, data integrity, data retention, monitoring, etc. This goes far beyond ethical standards involved with doing business as seen from an executive position. Executives will never understand everything involved with meeting the requirements this law has establish
  • I'm just a programmer/analyst working on developing and supporting one of our products -- I don't deal with the finance end of things. :-)

    Is it having an impact on IT resources that I can see? No, not really. I'd never heard of it until this story, in fact.
    • Is it having an impact on IT resources that I can see? No, not really. I'd never heard of it until this story, in fact.

      For others who may also think this has purely accounting applications instead of any tech implications should know that either as part of SOX or related to, corporate e-mail has now become court-admissible.

      Companies are expected to be able to retain (and possibly audit) their e-mail in case they are required for court purposes.

      Cheers

      • > For others who may also think this has purely accounting applications instead
        > of any tech implications...

        I didn't say it had no tech implications -- I said that I currently don't *see* any, at least in the area of the company where I currently work.

        > Companies are expected to be able to retain (and possibly audit) their e-mail
        > in case they are required for court purposes

        Interesting. When I worked at Northwest Airlines, we used to keep mail around for years (since we did a certain amount
  • This should give you an idea of what we think about it: The Sarbanes Grinch [bekit.net]. It made sense since the worst of it in our company was around the holidays, and it pretty much stole our Christmas away. We did make our deadlines, and are preparing for the next round this year.

    Oh - and I prefer to call it SarBox - makes it sound more like the disease it really is.

  • by Anonymous Coward
    The consultants that these businesses hire are responsible for the problem as much as the businesses themselves. The accountants and independent auditors are in the business of selling hours just like any other consultant.

    The new laws were crafted to solve a real problem, but only end up costing the businesses more money. Why should the same consultants that caused the problem be rewarded by a law that requires more paperwork and more billable hours for those who caused the problem in the first place?

    Co
  • SOX doesn't affect IT nearly as much as it does accounting. It really only dictated to us how our backups should be run, retention policies. A few of the other minor things involved how secure the servers containing financial information were (physical access), and tracking who should/shouldn't have access to financial software/files.

    In all of the above cases, we were already more than compliant. The only major change was the inclusion of a "special" character in passwords to make them more difficult
  • I recently left a company where they were working on Sarbanes-Oxley (SOX). At that company, at least, it was a huge waste of time and, by the time I left, a black hole that sucked up our IT budget and most of our time.

    Don't get me wrong, the idea behind the law is a good one, but the problem as I saw it is that it's too vague in definition of what is a controlled system. Basically as I understood it any system that touched the financial records needed to be audited and controlled. For a smaller company with an
  • As a staffer of a 4th party company which sells products to 3rd parties to implement and ensure compliance, I am figuratively rolling in the legislatively guaranteed income.
  • I'm not sure what SOX does, exactly, not into that magnitude of stuff.. but.. my retail company has been making all sorts of uncharacteristic declarations, stating "we need to do this now, because of sarbanes oxley" with no other explanation. *shrug* things have been improving drastically around here, i think.
  • In every scenario I've seen so far, none of our customers know precisely what they need when they ask us whether our software is "Sarbanes-Oxley" compliant. When pressed for details, they all plead ignorance.

    In terms of concrete specifics, I think there's a great deal of confusion out there as to whether a software company is even *capable* of being compliant.

    So, you Americans have my sympathy! Perhaps someday your congresscritters will have some measurable grasp on something other than their own two butt
    • I just tell them, yeah our software sox(sounds like sucks)... ROTFLOL...

      We have the same problem. Are you blah, blah, blah. Our real answer is, "our product has enough bells and whistles to meet that need". No joke, it really does. It's all about security and what kind of stuff your product can do.

  • It lets me make all sorts of unreasonable requests of my co-workers, and then tell them it's required for Sarbanes-Oxley compliance.
