Archive for March, 2006

SOX compliance SUX

Friday, March 10th, 2006

So the leaders of the IT department where I work got in big trouble with the SOX auditors and failed the SOX compliance test.  OUCH! Of course they must’ve known this for a long time because by the time the contractors got to know about it, there were diagrams and PowerPoint presentations outlining the strategy for becoming SOX compliant.  OK, SOX compliance according to Ernst and Young of course.

So I went and looked at the summary of the Sarbanes-Oxley act of 2002 to see what types of things that they were talking about.  As far as I can tell it’s all about accounting standards and trying to keep people from painting a rosy financial picture over a rotten core, the poster boy being Enron.

But according to Ernst and Young’s SOX experts working here, it is a SOX violation for technologists who develop and enhance new systems to login and modify anything on production.  Of course the production admins are responsible for dozens of systems and don’t have the knowledge to solve problems on specific systems, so it is my job to divine problems that might occur on a production system.  Only now, I can’t really get in and poke around because it is apparently a SOX violation.

The irony seems that Arthur Andersen went out of business because they took the heat for doing the accounting for companies like Enron that went belly up.  So guess who benefits from the new SOX compliance rules?  More consulting companies of course.  Another self-perpetual billable hours scheme as far as I can tell. And now those same consulting companies are trying to build the business around the world.  Even though SOX compliance is a US law, Ernst and Young thinks global businesses would benefit from SOX compliance.