Slashdot Mirror


IT Braces for 'J-SOX' Rules

jcatcw writes to mention that Japan-based businesses are prepping for new requirements, called J-SOX, similar to Sarbanes-Oxley in the United States. Even though details are not expected until next month, many IT managers are already working on implementing controls to handle the expected regulations. "Marios Damianides, an IT risk management consultant and partner at Ernst & Young LLP in New York, said he expects that the relaxation of some Sarbanes-Oxley requirements by the Public Company Accounting Oversight Board in the U.S. late last year should help ensure that the J-SOX rules won't be excessive for businesses."

14 of 57 comments

  1. How many sox do we need? by voice_of_all_reason · · Score: 3, Funny

    Chisox, bosox, and now jsox?

    Screw this, I'm watching hockey.

  2. FAQ from a company called Protiviti by sczimme · · Score: 4, Informative


    There is a J-SOX* FAQ here. Note: this is a PDF. I have no affiliation w/ the company.

    * "J-SOX"? I suppose it makes sense, but sounds too much like "J-pop".

    --
    I want to drag this out as long as possible. Bring me my protractor.
  3. Re:Comment anonymous for obvious reasons... by qwijibo · · Score: 4, Interesting

    Is that any different than the US? Everything I've seen about Sarbox is so vague that anyone can claim compliance if they have paid consultants enough money. The large bank I work for has a bunch of people who try to ensure that we're doing everything by the book, while management considers violating all of the rules to be a sport. It's always fun to have a large group of people telling you that you can be fired for failing to do things right when your management lets you know that if you do things by the book, you'll fail to meet your goals and will be fired. It's a life-sized Dilbert cartoon. =)

  4. Flashbacks by techpawn · · Score: 2, Interesting

    I just remember filling out three forms to get applications into test for SOX. Into frigging TEST! *shivers and starts rocking* I'm SO glad I got out of that!
    I understand the need to track who did what and why and what the code is and all that jazz... But seriously, a year of my life was lost in that red tape...

    --
    Ask not what you can do for your country. Ask what your country did to you
  5. Bye Bye public companies... by Duncan3 · · Score: 4, Interesting

    The reaction to SOX here in the US has been to take companies private, or list in London instead of New York. The costs of SOX alone are easily enough to force you out of business if your competitors aren't burdened with SOX.

    I'm kinda surprised that Japan would be similarly desperate to rid itself of publicly traded companies.

    --
    - Adam L. Beberg - The Cosm Project - http://www.mithral.com/
    1. Re:Bye Bye public companies... by geoffspear · · Score: 2, Insightful

      Yes, yes, we all noticed that the New York Stock Exchange and NASDAQ completely closed down; you don't have to remind us.

      --
      Don't blame me; I'm never given mod points.
    2. Re:Bye Bye public companies... by boxless · · Score: 4, Interesting

      No, it isn't.

      Sarbox, as being practiced these days, are not best practices, except at the largest of companies. A lot of it is crap, and we're going to be rolled over by more nimble competitors if we don't watch out.

      You know what, sometimes people are going to steal. And when you find that out, you prosecute. I'm sure there were plenty of laws that the Enron guys could have been charged with regardless of Sarbox.

      I don't think the controls at my company have been improved one bit because Joan in AP can't see the AR screens. Actually, it's worse now, because Joan can take over in a pinch in AR, all in the irrational fear that if she's given access to some information that's not part of her regular function, she's suddenly going to steal.

      And a little change to a webpage now takes 3 months (I'm talking a piece of text!). But, it is Sarbox compliant!

      Whoop-de-effing-do.

    3. Re:Bye Bye public companies... by Azghoul · · Score: 2, Insightful

      Wait...... libertarians are trying to form a royal class?

      Huh.

      Conservatives I'll give you... but libertarians have to HAVE some power for that to happen, don't you think?

    4. Re:Bye Bye public companies... by Duncan3 · · Score: 2, Insightful

      The NYSE and NASDAQ heads are whining almost daily about how all the big IPOs are now in London. The IPO is where the US brokers get the chance to screw the company of millions or billions, and funnel it to their friends, so this is really hurting them badly.

      So yes, they are effectively shut out. No US company can seriously compete with China cooking the books as hard as they can even without SOX; SOX just adds to the pain by killing the cooks.

      --
      - Adam L. Beberg - The Cosm Project - http://www.mithral.com/
    5. Re:Bye Bye public companies... by WhiplashII · · Score: 2, Insightful

      By the way, the cost of Sarbox compliance is estimated at $1M per $1B in revenue. At about $10T of total revenue in US public companies, we are spending $10B per year on compliance...

      To avoid a few billion lost in Enron, and a few billion lost in MCI - every few years.

      That is Congress math!

      --
      while (sig==sig) sig=!sig;
  6. Re:Comment anonymous for obvious reasons... by boxless · · Score: 2, Interesting

    Yeah, I really think the vagueness is the worst part. Then it all comes down to what kind of company you work for, and what kind of IT department you have. If they are the controlling type, then the vagueness will lead them to slow things down to a crawl, all under the heading of compliance. It is an extremely frustrating thing to watch and participate in. Up is down. Black is white.

    If you have a more flexible group, then the vagueness might help.

  7. Re:Comment anonymous for obvious reasons... by ContractualObligatio · · Score: 2, Interesting

    The other side to the problem, bizarrely, is that it is too detailed. By which I mean, the financial guys didn't really have many rules for the IT department, and now they do.

    Which leads to your point i.e. Great, they've added a layer of detail by requiring IT to be "compliant", but it's so vague *within* that layer it's a nightmare.

    I've heard they might be talking about getting rid of the IT controls from SOX entirely and just letting companies get on with it.

  8. I am starting to work with J-SOX in the UK by dominux · · Score: 3, Informative

    for a Japanese company obviously. The thing you need to know is that the law itself is impenetrable in the US and Japan. Don't worry about it. Look for the document from COSO on internal controls (nasty - send this to the accounts department) and the COBIT framework (nice - keep this one in IT). COBIT is really, really friendly and structured (34 chapters with loads of specific guidance on each); if you have been working with ISO 9000 and related things then you are going to like COBIT. COSO is woolly and unstructured; it sort of breaks down into 4 elements and J-SOX adds an extra one for IT controls, which, as I understand it, probably just means that to do COSO you need to do COBIT.
    Just remember when they are handing out the responsibilities:
    COBIT = nice
    COSO = nasty

  9. Re:Comment anonymous for obvious reasons... by onkelonkel · · Score: 3, Informative

    flouting - the word you want is flouting. Flout - "to contemptuously disregard: flout the rules" Flaunt - "to display ostentatiously: he liked to flaunt his wealth by lighting a cigar with a fifty dollar bill"

    English is tricky.

    --
    None of them can see the clouds; The polished wings don't care.