Disadvantages of the Sarbanes-Oxley Act

Here are some disadvantages of Sarbanes-Oxley that will confuse you. The original list of 5 reasons why implementing SOX is difficult can be found here.

1. Multi-interpretation statements
SOX RCM guidance is open to multiple interpretations. Suppose you hire a person from ABC audit firm to help you design the RCM, then a year later you hire someone from DEF audit firm. I’m definitely sure that the result will be different. Does that mean the guy from ABC audit firm is smarter? No, it means the statements are open to multiple interpretations.

I’m definitely sure that a lot of questions come up when designing a SOX RCM. Trust me, multi-interpretation statements are a major source of never-ending meetings.

2. Textbook auditor vs. real-life IT process auditee
There is a big gap between the SOX auditor and the IT auditee, and it comes down to what each of them sees day to day. The SOX auditor's main job is working with detailed documentation. A SOX auditor needs to examine a lot of documents, and complete, detailed documents make them happy. The IT auditee has a very different view: IT's main focus is maintaining the availability of the system, and most IT staff do not care whether every process is written down on paper, signed, approved, and the rest of the SOX auditor's jargon.

3. Never-ending control frequency
SOX auditor: No sir, the frequency for this control is daily, and for that review it is monthly, and you should also prepare for the quarterly review. And don’t forget that each control has its own frequency.

In SOX, every control that we create has a different frequency, e.g. the control for program changes is event based, so when you have a change request you should follow the SOX rule you have made. The control for incident monitoring is daily, so every day you should record the incidents that happened.

4. Global problem, local hell
SOX says that every company listed on the NYSE should follow the compliance requirements; every subsidiary owned by that company should follow them as well. What does that mean? It means making life hell for the local or subsidiary company. Everybody knows that a local subsidiary has a different way of doing business compared to headquarters. Implementing SOX is just the same as moving a very big problem to each subsidiary.

5. A story of a never-ending process
You will never finish this never-ending process. Your management could hire another engineer, create a new department for SOX compliance, and release new policies. But at its core, it’s a never-ending process.

Ah, that’s it. I’m pretty sure that you have a longer list than I do. Do you have any comments?
