Mitigating the risk of unlikely occurrences

The last few days I’ve been so busy helping a client deal with Sarbanes-Oxley compliance issues that I haven’t had much time (or energy) to post. I’m so angry about this entire matter that I can barely contain myself. Why Sarb-Ox hasn’t been more of a topic in the blogosphere completely baffles me. It’s an enormous problem whose costs are just now being borne and which are filtering down even to very small companies (not the intent of the act) because their large customers are off-loading their own costs of compliance onto them.

I’ll write about Sarbanes-Oxley sometime at greater length when I’ve collected my thoughts. Suffice it to say that the idea that a bunch of guys who’ve never worked for anything other than professional firms or the government are in a position to micro-manage American businesses from Washington, DC is patently absurd. When a machine has a problem you don’t solve the problem by throwing sand in the gears. Especially if you don’t plan on insisting that every country with similar machines throw sand in the gears of those machines, too.

Sarb-Ox was enacted in the aftermath of the Enron fiasco and it’s presumably about top management taking responsibility for the companies they’re being paid so handsomely to manage but, top management being what it is, it’s also about mitigating risk.

A lot of the hot topics in the world today are about mitigating risk: the crisis in dealing with Iran, the controversy about the invasion of Iraq, Google colluding with China to censor searches made in China, the Medicare drug benefit, Social Security, and a host of others. These are all issues of how you deal with risk. In making an evaluation of the proper course of action you need to take into account the likelihood of the event you’re considering actually happening, the cost of action, and the cost of inaction.

In a political environment dominated by highly agonistic discourse it’s pretty darned likely that one or more of those factors will be ignored in trying to build support for what you’ve already decided to do.

More later as time allows.

2 comments
  • SOx and HIPAA are pretty much the banes of my existence. I’m so, so happy to be on a long-term contract now where I don’t have to deal with either.

  • Fred K

    I work in a corporate environment and we suffer from an amazing amount of redundant and useless paperwork. My current project took about 4 days to do the work, and going on 3 weeks for the paperwork.

    I would be interested in hearing your specific troubles with SOx. Something along the lines of: The rule says we have to do XXX, and that’s not possible because YYY, or it takes ZZZ hours to do that.

    Cheers

    –Fred
