Hi, and Welcome to Hell, We Will be Your Tour Guides, Paul Sarbanes & Michael Oxley
SOX in a Nutshell (directly quoted from the SOX site)
The Sarbanes-Oxley Act was signed into law on 30th July 2002, and introduced highly significant legislative changes to financial practice and corporate governance regulation. It introduced stringent new rules with the stated objective: "to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws".
It also introduced a number of deadlines, the prime ones being:
- Most public companies must meet the financial reporting and certification mandates for any end of year financial statements filed after November 15th 2004 (amended from June 15th).
- smaller companies and foreign companies must meet these mandates for any statements filed after 15th July 2005 (amended from April 15th).
The act is actually named after its main architects, Senator Paul Sarbanes and Representative Michael Oxley, and of course followed a series of very high profile scandals, such as Enron. It is also intended to "deter and punish corporate and accounting fraud and corruption, ensure justice for wrongdoers, and protect the interests of workers and shareholders" (Quote: President Bush).
The Sarbanes-Oxley Act itself is organized into eleven titles, although sections 302, 404, 401, 409, 802 and 906 are the most significant with respect to compliance (Sarbanes Oxley section 404 seems to cause most concern) and internal control. In addition, the Act also created a public company accounting board.
Perhaps one of the most remarkable aspects of this legislation however relates to its profile. It is very much in the public and media arena. The focus is certainly intense in this respect, creating yet another clear motivation for compliance. There is simply no escaping it!
All well and good, eh? I'm not sure password policies, software revision control, forced PC lock outs and a thousand other tiny IT related details are going to stop Corporate Execs from stealing millions of dollars. My personal favorite, from their own website mind you, is the following clarification "There is simply no escaping it!" Classic. You gotta love Big Government.
I can only hope this hassle, this incredible, collasal inconvenience that is bound to get users screaming, actually does stop Corporate Fraud in some way, shape or form. If not, at least we can take solace that several software companies are making a butt load of money off these scare tactics.
Comments
Remember, Karen: Any government powerful enough to give you everything that you want, is also a government powerful enough to take everything you value.
Posted by: Kevin B. O'Reilly | November 11, 2004 6:20 PM
Actually, SOX only gets users screaming if the people interpreting it miss the clue train. SOX itself isn't that bad - people misinterpreting it make it bad. (And the people doing that usually have a vested interest in making it bad)
As for the "big government" - who else should force companies to at least try to be accountable? The free market couldn't - I think WorldCom and Enron are evidence enough of that.
Posted by: groby | November 12, 2004 1:49 AM
Amen, Kevin and good points groby.
;)
Posted by: Princess | November 12, 2004 11:06 AM
Sarbanes Oxley can be a lot of fun! My lone collision with it was when the accountant responsible for its preparation (a nice guy pulled away from his normal auditing function, but new to the company) sent out a general e-mail to mid-level, and a few low-level, managers to complete his multi-page questionnaire file attached. I read through the file, added a few responses, and noted in the file that many of these were questions that did not address technical support issues but could be answered by the marketing and sales managers, Jon and Jan (names have not been changed as readers will not know these individuals). I returned the original file with my responses, noting on the reply that this was my response, providing no other comments.
Several weeks later the accountant approached me and asked if I intended to respond. He had not opened his original file which I had updated, thinking I had simply sent him the electronic finger - a blank reply - in defiance to his request (apparently my intolerance for internal accounting BS had preceded me). We got it straightened out in short order. I did not receive any subsequent Sarbanes Oxley requests.
I'm not sure which was more enjoyable to watch, his thinking I had stiffed him or his relief when he determine he had the response (such as it was) all along.
Posted by: John | November 14, 2004 9:09 PM