I did say that we do a good job with our IT security.  We are a very large
company and have the needed resources for that in the network and datacenter
groups.  But to this point 'we' computer people get too focused on the
systems and technology we work with.  We do not sell any computer-like
services.  We make widgets.  If we spent time on reinventing the report
spooler in OS/400 we would not be doing our job, even if it was better than
the one that came with the OS.  SOX is not a bad thing; it has forced us to
polish our procedures.  But even the authors of the bill have stated that
they never intended it to become a burden on companies.  We have a full-time
employee in this datacenter just working on SOX. We did a full internal
audit before the external guys set up camp for 6 months.  Our project plans
for 2005 were negatively impacted because of the audits, blackout periods,
and SOX interruptions.

Like my doctor tells me, he spends 65% of his day on required paperwork and
only 35% with patients.  This drives his per-patient cost up and reduces the
number of people he can help.  Just like us, cost up and customers down.
All due to the burden of overregulation for compliance.  The intent of SOX
was good.  The application of it by the big accounting firms has been
dreadful.

Short aside:
Today I got an email from HR saying all employees must click the link and
read the company security policy.  SOX mandated we do this once every year.
I clicked the link and was presented with a popup sign-in box.  I have no
idea what the login is.  
NOW THAT'S SECURITY

--
Doug Hart
 
 

-----Original Message-----
From: midrange-l-bounces+doughart=twcny.rr.com@xxxxxxxxxxxx
[mailto:midrange-l-bounces+doughart=twcny.rr.com@xxxxxxxxxxxx] On Behalf Of
qsrvbas@xxxxxxxxxxxx
Sent: Wednesday, April 05, 2006 6:41 PM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: RE: Sarbanes-Oxley / my opinion

midrange-l-request@xxxxxxxxxxxx wrote:

>   3. RE: Sarbanes-Oxley / my opinion (Doug Hart)
>
>SOX does not help our company build or sell product but has cost us big 
>bucks.  Tell that to the stock holders.

Out of curiosity, regardless of my employer (PowerTech), I have to ask --

How were stockholders answered when they asked how often company information
assets were abused, stolen or altered without authorization and what the
losses amounted to? In a physical sense, would stockholders be pleased to
know that no one locked doors and there were no alarms in the buildings to
notify someone of an overnight break-in?

I would think that if such things were well handled before SOX, then there
shouldn't have been a significant cost resulting from SOX.

I know this has sounded confrontational, but I really have little idea (as
far as SOX goes for policy implementation). My view is obviously from a very
different perspective. I figure that anything I can learn from another
perspective gives me a better chance of doing my work better.

Tom Liotta




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].