Slashdot Mirror


SarBox Lawsuit Could Rewrite IT Compliance Rules

dasButcher notes that the Supreme Court will hear arguments next week brought by a Nevada accounting firm that asserts the oversight board for the Sarbanes-Oxley Act is unconstitutional. If the plaintiffs are successful, it could force Congress to rewrite or abandon the law used by many companies to validate tech investments for security and compliance. "Many auditing firms have used [Sarbanes-Oxley Section] 404 as a lever for imposing stringent security technology requirements on publicly traded companies regulated by SOX and their business partners. SOX security compliance has proven effective for vendors and solution providers, as it forces regulated enterprises to spend billions of dollars on technology that, many times, doesn’t prevent security incidents but does make them compliant with the law."

4 of 124 comments

  1. SOX is choking our companies, kill it. by SuperKendall · Score: 4, Insightful

    I have worked for large companies in the past, and SOX is seriously undermining the ability to make changes, or indeed for rational process to take place in the daily operation of IT.

    SOX was meant to prevent another ENRON, but those things will happen regardless of rules - look at the collapse of organizations like FannieMae, well after SOX was in place. Instead we are harming all large businesses just to prevent a one-off case that we are not really preventing anyway!

    Kill SOX and let companies get back to what they do best, instead of spending a lot of time simply deciding what compliance means and using the rules to build (even more) fiefdoms within giant companies.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:SOX is choking our companies, kill it. by Zalbik · Score: 3, Insightful

      SOX was meant to prevent another ENRON, but those things will happen regardless of rules - look at the collapse of organizations like FannieMae, well after SOX was in place.

      Huh? Do you even have a clue what caused the collapse of Enron vs. what caused the collapse of Fannie Mae?

      To use the mandatory car analogy, your argument is something like:
      I put winter tires on my car, but then I was t-boned at an intersection when I ran a red light. See, winter tires don't help prevent accidents!

      The two scenarios were completely different. Most of what SOX requires for IT should fall under good IT practice anyways. It basically requires controls to be implemented on financial systems in order to prevent fraudulent changes to financial data.

      Now I realize people at some corporations have used SOX as a big bat to force in their own pet IT projects. Or as a way of preventing any IT changes that they don't agree with, but that isn't the fault of SOX.

      If people are building personal fiefdoms within corporations, they'll do so with or without some legislation to use as an excuse.

    2. Re:SOX is choking our companies, kill it. by FatSean · Score: 3, Insightful

      So you're the developer who doesn't think about logging, security or any other kind of operational issue when you develop? Sounds like your company has you in the right box.

      --
      Blar.
  2. Re:not found by sexconker · Score: 3, Insightful

    I came to see the 404 jokes.
    I was not disappointed.