What Sarbanes-Oxley Won't Do

  • Comments posted to this topic are about the item What Sarbanes-Oxley Won't Do

  • Dave Barry (or was it Scott Adams?) once said that if he had to sum up the reason for the failure of mankind to achieve its greatest potential in one word, that word would be "meetings"...

    In today's corporate culture, that word could easily be replaced by "SOX"...

    Many people think Sarbanes-Oxley (SOX) was designed to prevent fraud -- it wasn't... It was just designed to make it easier to detect... theoretically...

    But here's the problem: SOX isn't designed to detect (or even responsible for the detection of) collusion between 2 or more individuals... So, if a control owner is willing to falsify results, and a control reviewer is willing to go along with that (or not willing to look deeply enough to notice), SOX will never catch that... In its current form, SOX would not have stopped Enron, MCI, WorldCom, TYCO, or any of the other billion dollar blowups in recent years... All it has succeeded in doing is convincing investors that there's a level of security that doesn't exist...

    Oh, and it has done a wonderful job of keeping auditors employed for the foreseeable future... and made the lives of IT people everywhere a living hell...

  • A classic example of expensive meddling by Congress trying to solve problems that simply cannot be solved by regulation. But Congress critters (and voters) don't seem to learn from that.

    ...

    -- FORTRAN manual for Xerox Computers --

  • Steve,

    What is an ISO?

    I don't have to deal with Sarbanes-Oxley (SOX) but I do have to deal with HIPAA. Although not the same, they are cousins. The U.S. Congress passed these without knowing the ramifications or if they would do any good. They were passed in response to some perceived public outrage.

    SOX was passed because of the public outrage over Enron. It was supposed to make companies more accountable.

    HIPAA was passed due to public uproar over employees losing health care when they lose a job and the inability to get health insurance because of pre-existing conditions. It was supposed to make it easier to keep health care when between jobs and to remove the barriers for pre-existing conditions.

    I doubt either of them does what was intended by the sponsors. They only make work for organizations and created unnecessary consulting industries.

    <spelling edit>

  • OCTom (2/16/2011)


    Steve,

    ...I doubt either of them does what was intended by the sponsors. They only make work for organizations and created unnecessary consulting industries.

    It's the classic "something must be done" syndrome, which is, unfortunately, responsible for all sorts of useless and expensive regulations. What people need to understand is that making more rules is almost never going to change people's behavior (especially if those people are already breaking the existing rules).

    ...

    -- FORTRAN manual for Xerox Computers --

  • It does, however, make a lot of work for many companies.

    Which in return costs those companies money.

  • "I'm just happy to say that SQLServerCentral.com is not complying and I, for one, am thrilled :)"

    But Steve, isn't it about time that SQLServerCentral goes public? 😉

  • SOX is very much like airport security. It's a burden on the innocent, a deterrent for the uncommitted, and useless against the determined. With each new layer of government intervention and regulation, you can hear the sucking sound of a million jobs being lost to <insert developing nation here>.


    James Stover, McDBA
