SOX is Hell

SOX is everyone's worst nightmare come true

This article can also be found in the Premium Editorial Download: Storage magazine: Adding low-cost tiers to conserve storage costs

Think complying with Sarbanes-Oxley (SOX) will be easy? Think again. A user preparing for a SOX audit (who for...

obvious reasons requested anonymity) reports that complying with the regulation is a time-consuming, thankless task.

"This has been an unbelievably frustrating ride," he says. "We're making everything up as we go along, because there's no template to follow." Auditors are no help. "They tell us, 'We'll know it when we see it.' It's like trying to please the king."

The work itself, providing proof and documentation of compliance, is time-consuming "administrivia." "I'd much rather be running storage infrastructure; it's a lot more fun."

Forget about hiring consultants. Even if you can find one, "the big accounting companies are feeling their way around in the dark just like everyone else. A lot of my colleagues have hired consultants, but they're no further along than us."

What happens if you get it wrong? If the audit uncovers a material weakness, you must print a notice in the annual report--no one wants that. Furthermore, "if you're going to tell your CIO that it's OK to sign off on the IT portion of Sarbanes-Oxley, it'd better be right. If you fail, you pay with your job."

This was last published in August 2004

Dig Deeper on Data storage compliance and regulations

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.