Dear Mark,

Your 'SOX and BRMS' post last week has encouraged me
to share my personal point of view about SOX.

In my opinion, Sarbanes-Oxley compliance doesn't require an 
enterprise to do anything that good business practice did not 
already require a couple of decades ago. SOX just requires that 
external auditors do a more thorough job looking for 
distinctions between world class business practice and how a 
company actually operates ... and ... it requires that the auditors 
report those distinctions for review by investors.

It's not clear how well the "report-it-to-the-investors" part of 
the legislation is working. If anyone knows of an annual report
that has included a SOX-type complaint in an audit letter, 
please tell me more about it. If annual reports of that genre
can't be found, then we're left with two hypotheses:

  1. Thousands of publicly traded companies are doing a great 
      job running their business with sound internal control
      regimens in all functional areas (including IS). 

  2. The fear of annoying a client and not being invited to
      perform next year's audit has proved to be more compelling 
      than the fear of failing to observe the letter of Sarbanes-Oxley. 

      [Quite candidly, it's hard to believe hypothesis #1 given the 
       testimonies I've personally heard from managers across a 
       broad cross section of manufacturing industries.]

Long before SOX was invented, pharmaceutical companies
had much more demanding business practice requirements imposed
by the FDA. If your enterprise could get system-certified under
FDA's 21 CFR part 11 rules, SOX would be a cake-walk. 

There are several other IT compliance requirements that pre-date
SOX and here's a link to information about the better known ones:
http://www.unbeatenpathintl.com/ITstandards/source/1.html 

You mention BRMS (Business Rule Management System) 
software and that genre of tool can help an enterprise develop 
and maintain operational policies. But, it's not going to help much 
if the purchaser doesn't already grasp what world-class business 
practices are supposed to look like. 

   Without that intellectual property, the final deliverable won't
   help improve the quality of operations any more than many of 
   the ISO 900x policy books I've seen. (I'm referring to the 
   "just-write-down-what-we-are-already-doing-so-we-can-pass-
   the-ISO-audit-ASAP" type efforts.)


Warm regards,

Milt Habeck
Founder/President
Unbeaten Path International

www.upisox.com  
(888) 874-8008

"Unbeaten Path is in the business of 
  helping enterprises move towards 
        world class performance"

+++++++   +++++++   +++++++   +++++++   +++++++   +++++++
From: "Mark Allen" <scprideandms@xxxxxxxxx>
To:midrange-l@xxxxxxxxxxxx
Date: Mon, 27 Mar 2006 14:45:59 
Subject: SOX and BRMS saves of Application data and Objects

Looking for some ideas from somebody who's been through this or at least part
of it. I know a little about BRMS and am not even sure "what" the SOX
Compliance people MIGHT be looking for. I know this is vague but it's all I've
got for now. Just looking for some general ideas.

Thanks, also feel free to respond off list. 


