× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2006

Re: Sarbanes-Oxley / my opinion

Comments a few places,


It's not clear how well the "report-it-to-the-investors" part of
the legislation is working. If anyone knows of an annual report
that has included a SOX-type complaint in an audit letter,
please tell me more about it.
I just got the IBM annual report and went looking for SOX statement from the auditors. I found an extremely wishy washy statement saying that IBM maintained in all material aspects, effective internal control over financial reporting. In my opinion, the Ernst & Young breach was not effective internal control, but I am not sure if that happened before or after the date of the audit, and it could be that back stabbing 100% of IBM employees does not qualify as a material aspect of SOX. 


If annual reports of that genre
can't be found, then we're left with two hypotheses:


three hypotheses


  1. Thousands of publicly traded companies are doing a great
      job running their business with sound internal control
      regimens in all functional areas (including IS).

  2. The fear of annoying a client and not being invited to
      perform next year's audit has proved to be more compelling
      than the fear of failing to observe the letter of Sarbanes-Oxley.
3. Companies are failing to meet SOX standards, but auditors are also failing to locate the gaps. 


      [Quite candidly, it's hard to believe hypothesis #1 given the
       testimonies I've personally heard from managers across a
       broad cross section of manufacturing industries.]

There are several other IT compliance requirements that pre-date
SOX and here's a link to information about the better known ones:
<http://www.unbeatenpathintl.com/ITstandards/source/1.html>http://www.unbeatenpathintl.com/ITstandards/source/1.html 

You mention BRMS (Business Rule Management System)
software and that genre of tool can help an enterprise develop
and maintain operational policies.


Gee, I thought BRMS was just a fancy IBM backup system.



Milt Habeck
Founder/President
Unbeaten Path International

<http://www.upisox.com>www.upisox.com
(888) 874-8008

+++++++   +++++++   +++++++   +++++++   +++++++   +++++++
From: "Mark Allen" <<mailto:scprideandms@xxxxxxxxx>scprideandms@xxxxxxxxx>
Date: Mon, 27 Mar 2006 14:45:59
Subject: SOX and BRMS saves of Application data and Objects

Looking for some ideas from somebody who's been thru this or at least part
of it.  I know a little about BRMS and not even sure "what" the SOX
Compliance people MIGHT be looking for. I know this is vague but its all I got for now. just looking for some general ideas. 

-
Al Macintyre

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.