Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Sarbanes-Oxley Compliance Practices

Another Y2K

This project, I was told in no uncertain terms, was as big and important as Y2K had been, and we didn't have much time to get on it. To make matters worse, we would have to work with an independent auditing firm that--surprise--had developed a SOX-compliance practice. (I like the way they called it a "practice"--are they still trying to get it right?) The auditors required us to use their compliance system, basically a database to hold and report information related to compliance. Integrating the data from our systems into their database to regularly track compliance reports from the numerous ACME business units was an intimidating challenge. I didn't relish the idea of telling my department managers.

The project kickoff session with the auditors, held shortly after that initial meeting, amounted to a demonstration of their database, with the expectation that every member of the IT team would ooh and aah. When Josh attempted to explain that we might be able to integrate our data-reporting system with their database, the auditors immediately nixed the idea, and our protests were met with one of those "shut up or else" looks from our CIO, Steve Fox.

When I approached Steve after the meeting, he confided that Beane was insisting we use the auditors' reports--he didn't know why, and if he had any theories, he kept them to himself. Bottom line: The politics at play were going to make our technical work much more complicated.

Over the next few months, we worked with the auditors to figure out how to feed our data into their system--the right data sets at the right times. The auditors had thought we would do mostly manual data entry and some imports. Fortunately, we found we could use our application middleware to get the requisite information into the auditors' database without too much hassle. But it took time to get the data feeds and processes correct.

  • 1