Sarbanes-Oxley Costs Exceed Benefits

coondoggie writes "Two years of compliance with the Sarbanes-Oxley Act (SOX) have shored up corporate accounting practices - but with lopsided costs compared to benefits gained. Bill Gradison, acting chairman of the Public Company Accounting Oversight Board (PCAOB), said that guidance the SEC issued last year and PCAOB's latest auditing standard may not be enough to clarify the rules that govern the reporting and auditing of internal controls. 'Based on the information we already have, it would seem that some further changes may be in order,' Gradison said."

UNIX Audit Tools

[__aahsof7392]

I have quite a bit of experience with Sarbanes-Oxley and UNIX compliance. One weak area is auditing root and shared account access. Generally the developers know the application account's password (like oracle or db2) and it's really hard to audit who did what. I created the tool Enterprise Audit Shell (EAS) which centrally logs shell access and sessions in an enterprise environment. Sessions can be snooped in real-time or played back at a later time. Each session is digitally signed and transmitted via OpenSSL. Project Site http://sourceforge.net/projects/eash Support Forum http://eas.strchr.net/

Very unpopular sentiment

[Bob_Robertson]

Government regulation always increases costs, because the regulation has costs of compliance.

Crooks don't comply, because they're crooks.

Customers, that's us, end up with higher prices for the things we buy, and higher taxes to pay for all the new auditors.

Martha Stewart goes to jail while the real criminals get away with what they've always gotten away with.

Politicians get reelected for having "done something".

To quote from the movie Spartacus, "I'll take a little republican [style of government, not party] corruption, along with republican freedom!"

Want to really put the screws to "corporate executive" crime? Then eliminate the government granted limited liability that a "corporation" represents. Allow thereby the officers of a company to be directly liable for their decisions, their accounting practices, their performance.

It's easy to follow the Big Lies handed down by the sensationalist press that don't want you looking at their own corporations and unions. S-O doesn't solve anything. It merely adds another layer of bureaucracy to the effort of getting anything accomplished.

Bob-

Re:Misleading summary

[Maxo-Texas]

SOX has reduced my productivity by 75%.
I spend the rest of the time (15 to 20 hours per project) filling out several forms that I didn't used to have to fill out, doing self-audits to confirm I filled out the forms, waiting for approval of my forms before I can go to the next step, etc.

Meanwhile- the execs in my company can write a $20,000 check without even a counter-signature from another exec and much larger checks with a counter-sig from *one* other exec with NO required paperwork of any kind and they get paid literally millions of dollars while our stock has declined constantly in price for years.

Why the heck sox means the "Massive Paperwork for Programmers" is beyond me.

And then when we have a high priority project that a big executive wants fast-- we toss all the paper work out the window and backfill it afterwards (even putting links to empty documents that will be filled in later).

Yea right- sox is a very good thing-- NOT. We already had laws against fraud. All we have to do is start ENFORCING them.