inside Sarbanes-Oxley
    Blog | Books | Jobs | Software | Resources
Subscribe to the inside Sarbanes-Oxley RSS Feed

Thursday, September 23, 2004

Reports from the Sarbanes-Oxley Front Lines

"Our auditors appear to be on the extreme side. Effective September 20, DBAs aren't allowed to hold administration rights in production because we're also considered developers. If a DBA needs access to the production environment, they have to wait for the Help desk to generate a work order, then request the ID from the network administrators (hopefully they're not busy at 2 a.m. when a job fails). And then there's all the logging we have to do now. At this point, we have over 20 logs that must be checked and acknowledged daily; by month end, it's likely to exceed 50. The joke around here is that we are going to have to start a new department with the sole purpose of reviewing the logs each day. The 'separation of duties' isn't a bad thing if you're fortunate to have a large IT department. But with seven people supporting offices in six states, there aren't enough heads for all the new hats."

The Sarbanes-Oxley auditors for this reader's firm have decided that they simply won't let production DBAs have the sa password. I wish this was a crazy, silly, extreme example, but I suspect that Dilbertian episodes like this one will become more common as more companies begin comprehensive Sarbanes-Oxley compliance activities. Another reader shared this scenario:

"We were just wrung through the Sarbanes-Oxley wringer here. And in my opinion, the effort was a total waste of time. The auditors didn't know what they were supposed to do, and they missed a lot of things that would have benefited from a closer audit scrutiny. Important concerns were either given a cursory look or totally ignored, while auditors focused on 'important' financial bottom-line stuff like "How often do you change passwords?" and "Where do you store your backup drives?" Those are certainly valid IT audit concerns, but I kept asking them "How does this affect our corporate financial statements?" It seems to me that auditors with lots of axes to grind went way overboard in using Sarbanes-Oxley as a big stick to get their way on certain things."

Reports from the Sarbanes-Oxley Front Lines


Send to a friend:

0 Comments:

Post a Comment

<< Home


Previous articles



From 'Can't' to Compliant



Privacy Is Overrated - Executives at publicly held...



Corporate Governance Reforms Manageable and Perman...



Will Sarbanes-Oxley Compliance Leave a Hole in You...



Coldwater Creek Selects OpenPages SOX Express for ...



Microsoft ready to make more big acquisitions, say...



Sarbanes-Oxley Moves EHS Auditing From the Backroo...



Private Companies Voluntarily Adopting Sarbanes-Ox...



FrontRange Solutions' HEAT Supports Sarbanes-Oxley...



Accounting students in high demand

Sponsored by:

Kumquat Get the feedback you deserve

Kumquat: Get the feedback you deserve
Learn more
FREE to Inside Sarbanes Oxley readers

Sarbanes Oxley Jobs



SOX to your inbox!
Just enter your email address below for daily
Inside Sarbanes Oxley updates.

Courtesy of the kind folks at FeedBurner


Still searching for Sarbanes Oxley
information? Use the search box
below to find the information
you need:

Google

August 2004

September 2004

October 2004

November 2004

December 2004

January 2005

February 2005

March 2005

April 2005

May 2005

June 2005

July 2005

August 2005

September 2005

October 2005

November 2005

December 2005

January 2006

February 2006

March 2006

April 2006

May 2006

June 2006

July 2006

August 2006

September 2006

October 2006

November 2006

December 2006

January 2007

February 2007

March 2007

April 2007

May 2007

September 2007

October 2007

November 2007

December 2007

January 2008

February 2008

March 2008











































































































About inside Sarbanes-Oxley

inside Sarbanes Oxley is dedicated to finding the best sources of news and information on the changing landscape of Sarbanes Oxley and compliance. Whether you call it SOX, Sarbox, or the Sarbanes-Oxley Act of 2002, look no further than inside Sarbanes Oxley.  More




Copyright © 2004-2006, Inside Sarbanes-Oxley
Privacy Policy

 

  

Additional resources

Try these recently updated resources:

RSS Feed

Interested in staying up-to-date on all the latest Sarbanes-Oxley news? Subscribe to the inside Sarbanes-Oxley RSS feed and get all of the latest news on SOX delivered directly to your feed reader.

inside Sarbanes-Oxley RSS Feed     Sarbanes-Oxley RSS feed