posted on Saturday, October 08, 2005 10:54 PM
by
bknight
Sarbanes-Oxley Hell
<rant>
I, like many of my IT cohorts have been suffering through Sarbanes-Oxley (SOX) hell for the past 2 years. The goal of SOX is to make CEOs accountable for their entering false financial statements and rigging a stock. Somehow, this has blown out of control from a financial reporting regulation to IT regulation with very wide variants of interpretation. For example, some companies interpret it as a SOX gap that a DBA can update data in production without audit while others don’t care. So, some small public companies must purchase expensive tools to audit for such activities.
The viability of SOX as an enforceable law it seems is in question even in the latest ruling by a jury in the HealthSouth case. The HealthSouth case was the first court case where a CEO was convicted and ultimately let go free. The thing that gets me is if we can’t enforce the core of SOX (financial accountability), what’s the point into IT trying to comply to the extent we do today.
Let’s not get crazy here people. One company told me that building a server now takes more than 60 pages of documentation and about 800 hours of cumulative work because of SOX. This is going to kill America’s innovation and efficiency in the long run. It also parallelizes an organization when you know it’s going to take that much work to put a server into production, some people will think, “What’s the point?”.
As an IT professional, don’t forget to ask how you’re bringing value to your company and customer. SOX does very little of that and while I really appreciate the reason for it, reasonable minds must prevail.
</rant>