Skip navigation.
Home
Doc Searls' IT Garage
Home » Blogs » doc's blog

Better disconnect those phones, too. Also the copiers. And the elevators.

Submitted by doc on Tue, 08/09/2005 - 00:43.

In Computerworld: Sarbanes-Oxley Trumps IM at Some Firms: Concerns about security, archiving prompt companies to unplug instant messaging systems. A sample:

Steve Ross, a director at Deloitte & Touche LLP in New York and a past president of the Information Systems Audit and Control Association, said he knows of two Deloitte clients that have disabled their IM systems because of Sarbanes-Oxley concerns. Ross declined to identify the companies, saying only that one is a services company in the southern U.S. and the other is a large New York-based insurer.

How about the rest of ya'll? Run into any of the same kind of audit-at-all-costs approaches to corporate governance of IT?

And how much does the whole notion of "governance" creep you out anyway?

»

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

SOX compliance and Devices -

Submitted by Mary Schmidt on Thu, 08/11/2005 - 20:08.

IMs? That's the least of their worries (And, don't forget the microwave!) But, seriously folks, I've seen two extremes in such corporate regulatory paranoia - from people keeping every scrap of paper (and chaining laptops to desk) to downright criminal "What, me worry?"

This IM nonsense is unnecessary - and it's also too little - too late. The horse is out of the barn, and wayyyy down the road...Old emails never die, and neither do old web sites...and people are now in the habit (and have the means) to share all kinds of data, all the time (the glow of the laptop by the campfire Iraq, and so on). One does wonder how much money such companies waste on such things - money they could better spend on doing things like - gee, I dunno - making the company a good place to work, improving customer service, supporting the local community.

»

It's the financial reports, stupid

Submitted by Anonymous on Wed, 08/10/2005 - 10:28.

I really got a kick out of the fact that Jefferson Wells - a company in the business of doing SOX audits - has failed to understand SOX.

Go back and read it, folks. While you're at it, read the SEC's clarifications of section 404 (http://www.sec.gov/info/accountants/stafficreporting.htm) where they emphasize that SOX is about financial reporting. That can extend to IT systems which have a direct impact on the accuracy of financial reports, but it DOES NOT mean that SOX applies to everything that has a microprocessor in it. SEC was clear:

"For purposes of the Section 404 assessment, the staff would not expect testing of general IT controls that do not pertain to financial reporting. "

Thanks for pointing this out. SOX is a good thing, but this hysteria has got to end!

»