Goodbye, SOX?

By Joe McKendrick | May 18, 2009, 8:54am PDT

Keep your eye on this one: the US Supreme Court has just decided to review the constitutionality of the Sarbanes-Oxley Act of 2002.

According to today’s news, the Supremes said they would consider a legal challenge to the law, on the basis that it “violates the constitutionally mandated separation of powers.” (Free Enterprise Fund v. Public Company Accounting Oversight Board, 08-861)

The law, which directly affects public companies and indirectly affects the companies that deal with public companies, requires greater transparency and accountability in financial reporting. This has been both a major headache and an opportunity for information technology departments. As a result, the need to better trace data has been a business driver of many data management and service orientation efforts in recent years.

Some analysts say SOX has scared off companies from going public.

Even if the law were struck down and sent back to Congress for heavy modification, it has had an impact in shaping the goals of information technology going forward. Enhancing the visibility and accountability of data and applications delivering the data are worthy efforts that often make business sense. Such efforts should be continued.

A few years back, I wrote a special section for Teradata Magazine that explored the ins and outs of SOX compliance for companies. (See Cover Story – “Uncovering Opportunity.”) I spoke with thought leaders such as Claudia Imhoff and Lee Dittmar, who encouraged businesses to look beyond the legalities to seize the business opportunities:

“Looking beyond sustainable compliance offers companies the opportunity to do new things with their data—to analyze and identify trends, improve customer service and eliminate redundancies in their supply chains. The effort is a continuous journey that, in the long run, will help companies become more efficient and informed in their processes.

“This is a journey that has to happen,” says Dittmar. “Compliance must be sustainable, and that takes work. The program must be effective and efficient. There are significant improvement opportunities, and it will take hard work to achieve the benefits. But pursued properly, this exercise can be translated from a compliance exercise into a journey that improves enterprise governance, enhances business performance and creates shareholder value.”

That’s a journey well worth taking, even without the government pushing the issue.


Joe McKendrick is an author, consultant and speaker specializing in trends and developments shaping the technology industry.

Disclosure

Joe McKendrick

Joe McKendrick is an independent consultant, editor and speaker.

Joe has performed project work (white papers, articles, blogs, research and presentations) for the following companies in the IT marketspace:

  • CBS Interactive/CNET/ZDNet (this blog)
  • ebizQ
  • Evans Data
  • Gartner
  • IBM
  • Informatica
  • IDC
  • Microsoft
  • Systinet/HP
  • Teradata
  • Unisphere Research, a division of Information Today, Inc.
  • WebLayers

Joe has also performed research work for the following sponsoring organizations in partnership with Unisphere Research, a division of Information Today, Inc.

  • IBM
  • Luminex
  • Noetix
  • Oracle Corp.
  • Teradata
  • Informatica
  • International Oracle Users Group
  • Oracle Applications Users Group
  • Professional Association for SQL Server
  • International DB2 Users Group
  • International Sybase Users Group
  • SHARE (IBM large systems users group)

Biography

Joe McKendrick

Joe McKendrick is an author and independent analyst who tracks the impact of information technology on management and markets. Joe is co-author, along with 16 leading industry leaders and thinkers, of the SOA Manifesto, which outlines the values and guiding principles of service orientation. He also speaks frequently on Enterprise 2.0 and SOA topics at industry events and Webcasts, and serves on the program committee for this year's SOA & Cloud Symposium in London. As an independent analyst, he has also authored numerous research reports in partnership with Unisphere Research, a division of Information Today, Inc. for user groups such as SHARE, Oracle Applications Users Group, and International DB2 Users Group. In a previous life, Joe served as director of the Administrative Management Society (AMS), an international professional association dedicated to advancing knowledge within the IT and business management fields. He is a graduate of Temple University.

15 Comments


RE: Goodbye, SOX?
easwiedler 26th May 2009
Having worked with SOX for a while, I believe that the original intent has been expanded to the point that companies can no longer function properly in a changing world. It is now interpreted to mean "anything that may or may not have an effect on the company's financial health or reporting must be documented in excruciating detail and controlled by as many people as possible." We can no longer respond to the demands of our customers nor can we respond to our own visions and effect changes in our products that will keep us competitive in the marketplace. While I do believe in controls that will prevent illegal and unethical behavior, I think it is high time that we make a concerted effort to remove those controls that have not served us well and get on with business.
0 Votes
What! No!
TheTruthisOutThere@... 18th May 2009
The "Credit Crunch" meant nothing to me, but kill SOX and who will pay my outrageous SOX consulting fees?

I'll be ruined!
0 Votes
Means something to you now, does it not?
The 'G-Man.' 19th May 2009
Cause & effect...

Time to live in the real world.
0 Votes
LOL - there went Accidenture and PWC easy
US Is ! Europe-ThankGod! 22nd May 2009
money stream, and KY sales would be down for the IT/Fin. departments.
0 Votes
It's about time.
Comnenus 18th May 2009
Sarbox is a failure. The Siemens corruption case was in compliance with Sarbanes-Oxley.

You don't have to look far to see that Congress knows nothing about Business or how to manage money - and that is who wrote the bill mandating business practice.
0 Votes
SOX was a knee-jerk reaction
Joe McKendrick 18th May 2009
..to public outcry over the shenanigans of the likes of Enron. But it did set into motion new ways of thinking about the way data is moved across the enterprise. And such efforts were kick-start funded by boards and upper management out of fear of legal ramifications. But many companies now recognize that it pays to be able to have confidence in the information being drawn from across the enterprise.
0 Votes
Siemens Not About SOX
Richard-HK 19th May 2009
While I am not a total proponent of SOX, even though I've earned a good amount of money consulting on the compliance side, I must disagree with Comnenus. Everything I've seen about the Siemens case relates it to bribery of foreign officials and other FCPA violations, not SOX. Siemens pleaded guilty to failure to maintain adequate books, records, and internal controls which could have either prevented or given early warning of the bribery. They did that as a deal with the SEC and German prosecutors in order to avoid actual trial for bribery of foreign officials, which from my reading indicates can be a criminal violation, rather than civil violation under both US and German laws (I'm not a lawyer, so that isn't an official opinion, only an impression from reading about the Siemens case). While the violations Siemens actually pleaded guilty to are similar to SOX requirements for internal controls over financial reporting, it definitely wasn't a SOX violation case. Also, of the 1.6 billion plus in total fines, penalties and return of illegal profits, less than half was paid to the US. So, the major part of the action was from other countries, primarily Germany, Siemens' home country.

As for SOX, the Teradata story Joe McKendrick wrote is a super analysis of both the state of SOX compliance in 2005 and the opportunities for improved governance that existed and many companies missed in the beginning. Although the surveys quoted in Joe's story indicated a large proportion of executives felt they and their companies received real benefits from SOX compliance, there is no doubt that initial costs were high. As a compliance consultant, one of the major contributors I saw to the high initial cost of compliance was that many executives started out asking the wrong question about compliance. Most often, instead of asking "How can we build the most cost effective internal control and governance system?", the question I heard most often was "What do we need to do to get a clean SOX opinion from our auditors?" Those questions do not result in the same answer, especially when considering that it appears that in conditions of uncertainty, auditors will ask for more work to be done in order to protect the firms from professional liability risk as much as possible.
0 Votes
RE: Goodbye, SOX?
michael.corcoran 18th May 2009
SOX for the most part governs financial accounting and reporting. Governance, risk and compliance (GRC) concepts are much broader covering strategy, operations, compliance and IT along with financial. Just better information and means of managing an enterprise to preserve and create value. Next extension of SOX.

Mike Corcoran, CPA, CGRC, CSOX
0 Votes
GRC
Joe McKendrick 18th May 2009
Agreed. Effective compliance to meet any and all regulations (not just SOX) requires a governance structure that incorporates input from various parts of the enterprise, with the ability to recognize the risks inherent in failing to establish proper controls over information that is reported.
0 Votes
RE: Goodbye, SOX?
kps_46635@... 19th May 2009
While in theory this bill may have been a good idea, in practice the goals were not attainable. I think that the Supreme Court will eventually declare that it is Unconstitutional!!
0 Votes
RE: Goodbye, SOX?
tluchese@... Updated - 19th May 2009
The spirit of SOX was in the right place, but its execution was blundered right from the get-go. Completely overturning it will make matters worse - it will send the wrong message to the corporate world.
0 Votes
RE: Goodbye SOX? It's about time!!
rallcorn 19th May 2009
I cannot tell you how much of a headache that SOX has been to me as an IT professional! (most of you already know this anyway!) SOX has so many requirements and stipulations, many of which are not that effective ...

Welcome back to the FREE WORLD!
Now we can use our own God-given talents to secure our networks, and can equally compete with other businesses and government entities.
0 Votes
Maybe we need a simpler law
John L. Ries Updated - 19th May 2009
Require the CEO and auditor (who should be an individual, not a firm) to certify the accuracy of company accounts and financial statements, and hold both of them personally liable if they're not. If fraud can be proven beyond a reasonable doubt, imprison those responsible. Prohibit corporations from assuming the liability of officers arising from malfeasance (let the company pay the lawyers, but if officers are found liable, they should have to pay any damages out of their own pockets). Instead of making a lot of complicated rules, let juries decide whether or not any misstatements were made and what the consequences should be, as juries have been doing for nearly a thousand years. Give judges the authority to reduce any damage awards that they find to be excessive.

Maybe I don't understand SOX, but I fail to see why separation of powers is even an issue here. Congress laid down some standards (legislation). It's the duty of the SEC (appointed by the President) to enforce them (textbook executive authority). Am I missing something?
0 Votes
RE: Goodbye, SOX?
gabrielbear@... 19th May 2009
Since XBRL can be implemented simply through a regulatory requirement, the same as Obama did today on CAFE,
http://baltbear-on-finance.com/stock-market-speculating-is-a-hold-up-shoot-them-with-x-barrels
then the only real issue is accountability and liability for error.
SOX was, IMHO, a knee-jerk defense against being asked why in the mid 90s Congress had dropped the requirement for auditors to be liable for their audits...
0 Votes
RE: Goodbye, SOX?
JerseyCurmudgeon 22nd May 2009
Having performed SOX internal self-assessments for several client companies since 2004, I have seen enough to know that neither side in this debate knows what it is talking about.

The principal objection to SOX from the Right, including the Stephen Moore operation that is funding the lawsuit, is that it imposes unfair and unnecessary burdens on generally virtuous and generally competent executive management. The Magic of the Market will invariably weed out the unvirtuous and the incompetent.

The problem with this is that the Magic of the Market is a myth, period. Corporate capitalism, and especially Finance Capitalism, don't rest on the principles and values of Adam Smith so much as they rest on those of Gordon Gekko. If Stephen Moore does not know this, he is an ignorant fool. If he does know this, he is a charlatan.

The second objection from the Right is that SOX discourages many companies from going public.

So? Many otherwise decent companies go downhill precisely BECAUSE they go public, not because they cannot do so. Discouraging people from doing stupid things is not a vice, it's a virtue.

The principal objection from the Left is that SOX did not go far enough, and that only highly prescriptive regulation of executive behavior will prevent the recurrence of Enrons and economic bubbles.

Putting this kind of straitjacket on management is just as bad as letting it do as it pleases with NO accountability. In every SOX engagement I performed, I found hidden opportunities for high-value, low-risk, sometimes NO cost improvements to financial and basic business operations.

The really virtuous, really competent executives who saw and acted on these opportunities improved, even if only by a little, their bottom-line and their top-line competitive advantage. But, in every case, they applied their own common sense in the context of their own operations, not a prescriptive solution from on high.

The real value of SOX and other regulations is that they encourage management to act efficiently, effectively, ethically, and in the best interests of their stakeholders. If some are too recalcitrant or too incompetent to understand this, they deserve to fail.
0 Votes