Sarbanes-Oxley Costs Exceed Benefits

Posted by ryuzaki0 on Thursday May 11, 2006 @03:16PM from the fairly-obvious dept.

coondoggie writes "Two years of compliance with the Sarbanes-Oxley Act (SOX) have shored up corporate accounting practices - but with lopsided costs compared to benefits gained. Bill Gradison, acting chairman of the Public Company Accounting Oversight Board (PCAOB), said that guidance the SEC issued last year and PCAOB's latest auditing standard may not be enough to clarify the rules that govern the reporting and auditing of internal controls. 'Based on the information we already have, it would seem that some further changes may be in order,' Gradison said."

1 of 371 comments (clear)

Min score:

Reason:

Sort:

UNIX Audit Tools by __aahsof7392 · 2006-05-11 15:39 · Score: 5, Interesting

I have quite a bit of experience with Sarbanes-Oxley and UNIX compliance. One weak area is auditing root and shared account access. Generally the developers know the application account's password (like oracle or db2) and it's really hard to audit who did what. I created the tool Enterprise Audit Shell (EAS) which centrally logs shell access and sessions in an enterprise environment. Sessions can be snooped in real-time or played back at a later time. Each session is digitally signed and transmitted via OpenSSL. Project Site http://sourceforge.net/projects/eash Support Forum http://eas.strchr.net/