Sarbanes-Oxley Compliance Practices

Never heard of SOX? Well, either you don't work for a public company, or you've been living under a mainframe.

March 12, 2004

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Another Y2K

This project, I was told in no uncertain terms, was as big and important as Y2K had been, and we didn't have much time to get on it. To make matters worse, we would have to work with an independent auditing firm that--surprise--had developed a SOX-compliance practice. (I like the way they called it a "practice"--are they still trying to get it right?) The auditors required us to use their compliance system, basically a database to hold and report information related to compliance. Integrating the data from our systems into their database to regularly track compliance reports from the numerous ACME business units was an intimidating challenge. I didn't relish the idea of telling my department managers.

The project kickoff session with the auditors, held shortly after that initial meeting, amounted to a demonstration of their database, with the expectation that every member of the IT team would ooh and aah. When Josh attempted to explain that we might be able to integrate our data-reporting system with their database, the auditors immediately nixed the idea, and our protests were met with one of those "shut up or else" looks from our CIO, Steve Fox.

When I approached Steve after the meeting, he confided that Beane was insisting we use the auditors' reports--he didn't know why, and if he had any theories, he kept them to himself. Bottom line: The politics at play were going to make our technical work much more complicated.

Over the next few months, we worked with the auditors to figure out how to feed our data into their system--the right data sets at the right times. The auditors had thought we would do mostly manual data entry and some imports. Fortunately, we found we could use our application middleware to get the requisite information into the auditors' database without too much hassle. But it took time to get the data feeds and processes correct.Snapping Out of It

My morning caffeine kicks in, and I refocus on the presenter, who is showing slides depicting our new, integrated process and spewing drivel about the "synergy" between the auditors' database and our financial reporting system. What's synergy to them is a kludge to us.

Sometimes, I remind myself, you just have to play the game. This game is serious business. Sarbanes-Oxley isn't going away, and neither is our friendly SOX-compliance auditor.

Hunter Metatek is an enterprise IT director with 15 years' experience in network engineering and management. The events chronicled in this column are based in fact--only the names are fiction. Write to the author at [email protected].

Post a comment or question on this story.

0

Read more about:

2004
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights