SOx - The Sarbanes-Oxley Act of 2002

[Sapporo Guy]

I've just learned about this recently

Can anybody tell me what kind of features in a software would be needed to fit these regulations?

I've spent the past 3 days going through google and I just can't find something that makes it easier to understand.

I get the concept of the Act (loool not that that one ) but I just can't seem to find any simple answers.

Maybe, I just should buy the book ... but I'm limited on time.


hehe, thinking of building my own system

[t951]

This is something that is already flooded with products. Look at compliance software by Symantec, EMC, IBM, etc.

This has been a gravy train for the big companies for the last few years...

There is also HIPPA, and Sunshine Laws (in Florida).

Good luck!

[HardDrive]

Let me sumarize the entire thing for you:

"Always ensure that documenation is documented in triplicate, and that as many unnesscary organizational roles as possible are created to ensure that data is not corrupted by management. If something does go wrong, managements a55 is going to get nailed. To ensure this does not happen, hire an expensive accounting company to deal with this, and get back to drinking whiskey."

[Oracle]

Quote:

Originally Posted by Sapporo Guy

I've just learned about this recently

Can anybody tell me what kind of features in a software would be needed to fit these regulations?

I've spent the past 3 days going through google and I just can't find something that makes it easier to understand.

I get the concept of the Act (loool not that that one ) but I just can't seem to find any simple answers.

Maybe, I just should buy the book ... but I'm limited on time.


hehe, thinking of building my own system

That is the most vague regulations in the IT history.. Basically you can do anything you want as long as you "ok" it and its documented. Of course the CIO will have to sign and agree that if you're running Enron-like system he'll be thrown to jail but thats a different story...

We're using Configuresoft (don't know if thats the vendor or the product name) and that seems to cover directory services, Unix, Windows, Oracle, Sybase and SQLServer.

Other software we evaluated was N-Circle and two others that I can't remember.

SOX Compliance can be really expensive... we had to use Guardium to audit database access, that alone is 1/4 million!

Then you have to get PWC or Delloite -like audit firms. Once again is $,$ and $.

Good luck!

[Jagshund]

I know of two firms involved with SO. One was doing a great job of 'selling fear' based on SO; their software redacted metadata from electronic documents and apparently they were going around telling companies they'd be in violation of the act if they didn't have this type of software in use around the office. Another was using it to convince trucking companies to use cube based pricing rather than traditional methods.

I would suggest buying the book, but if it's anything like the voluminous tax code book we won't be hearing from you for a long, long time.

[cab83_750]

SOX:

1. A project that takes 1 hours will now take 2 days or more because of documentation.
2. Since it is all about documentation, it is the best time to be a consultant.

[billwagnon]

I've done some work in the SOX field on the IT side in the past few years. SOX aka the "full employment for auditors" act.

The basic requirement for a publicly traded company is that they must know "for sure" that financial statements are accurate. I don't see this as a bad thing.

If you have a system that ultimately feeds numbers to financial statements, you must ensure that the system data is appropriately protected.

There was a lot of fear the first couple years and people went crazy, then things settled down a lot once the big 4 agreed on, imho, totally arbitrary levels of compliance.

[CJFusco]

Big game for the Sox tomorrow - Tampa Bay is coming into town with only 1.5 games separating the two for the division lead...

[pwd72s]

Quote:

Originally Posted by CJFusco

Big game for the Sox tomorrow - Tampa Bay is coming into town with only 1.5 games separating the two for the division lead...

I sure hope Jacoby learns how to handle change-ups better...for damned sure nobody can fault his fielding and base running.

[TheMentat]

Quote:

Originally Posted by cab83_750

sox:

1. A Project That Takes 1 Hours Will Now Take 2 Days Or More Because Of Documentation.
2. Since It Is All About Documentation, It Is The Best Time To Be A Consultant.

Bingo!

[VaSteve]

Tons of products out there and they only did part of the work. The easy part...low hanging fruit. The real work was in documenting all the stuff that didn't go through the software.

Happy to provide some advice, PM me if you'd like.

Steve

[cstreit]

Welcome to the Jungle!

I worked for a SOX software company for 2 years out of Cupertino. It's a rough game. We essentially helped facilitate the documentation. Keep in mind that this regulation generally applies to public companies, private companies do not need to worry, yet.