Sunday, October 16, 2005
Well, since it’s the weekend,I’m going to go off-topic (the topic, of course, being the Great Islamic Jihad) for a little rant.
I hate Sarbanes-Oxley.
For those of you who have been honeymooning on Titan for the last four years, “Sarbanes-Oxley” is shorthand for the Sarbanes-Oxley Act, Public Law 107–204, passed by Congress on July 30, 2002. The full text of the Act is here (in pdf format). It was a response to the financial shenanigans and corporate misdeeds performed by Enron, WorldCom, Global Crossing, etc., and is supposed to prevent American businesses from ever doing such naughty things again.
The following is Sarbanes-Oxley (known, at least in our company, as “SOX”) from an IT department’s point of view, so non-geek readers may want to tune out and skip this post.
I’m a database programmer in a company of moderate size. We just recently went public, and the requirements of Sarbanes-Oxley caused the company to engage the services of a SOX-compliance auditor and an IT/Network consultant. We had a meeting last week to go over the changes we would have to make in our practices in order to ensure that we become SOX-compliant.
Up until now, all the programmers in the department have had full access to the database servers; that is, with a user ID and password we could view, design, and make changes to any of the production data in the corporate databases. This has always been very handy: whenever Accounting messes up, and needs to move a nickel from the right-hand pocket to the left-hand pocket of a hundred thousand virtual pairs of pants, my bosses will ask me to design and run an update query to do the job. Things like this happen fairly often, and it has always seemed natural that programmers should have the capacity to do such things, as a part of their jobs.
But that’s all over now.
From now on we will have full access only to the test servers, and not the real data. Depending on our job descriptions, we may have “view privileges” for the production data, but no “write privileges.” Anytime Accounting needs IT to clean up their messes, someone high up will have to create a paper trail leading down from the CFO and the CIO to my boss, changing my permissions and allowing me a brief window to modify the production data, under supervision and also creating a full log of the changes made.
What a crock of solid waste.
We don’t have access to the check printers and check paper. We can’t make bank transfers to numbered accounts in the Cayman Islands. All we do is create and maintain millions of records of accounting and business-related data in databases, and write the code for the apps that give the users access to the data and provide reports for them.
Do you remember the corporate hijinks that prompted Congress to get all high-minded and create the SOX behemoth in the first place? Hiding corporate debt. Maintaining high share value by the accounting version of three-card monty. Colluding with auditing firms to keep bogus records so none of this escaped into the light. Fleecing shareholders out of billions of dollars and destroying the pension funds of thousands of employees.
Programmers didn’t do these things. Not even the network administrators were involved. It was the top-level corporate managers, the major accountants, and the lawyers.
Under SOX, who will be permitted to have the codes that allow access to the important data? The top-level corporate managers, the major accountants, and the lawyers.
This isn’t just locking the barn door after the horse has been stolen. It’s turning over the keys to the horse thieves.
SOX places yet another handicap weight on the legs of American businesses in the global commercial sprints. It is reckoned to add enormous costs to every company, requiring new layers of auditors and accountants and overseers and paperwork. Every year it will cost an additional umpty-bazillion dollars to run American corporations, thanks to good ol’ Uncle Sam.
And did Congress, in its generous foresight, raise taxes and appropriate funds to reimburse businesses for their extra expense? No, it didn’t; the cost is simply passed on to the consumer.
That’s you, Jack.
Yup. That widget you have been paying six bits for will shortly be costing you a dollar, thanks to SOX. It’s a present from Your Friendly Federal Government, a little secret taxation without any representation.
And all that extra money you’re laying out — whose pockets will it line? Why, those of the top-level corporate managers, the major accountants, and the lawyers, of course.
Yes, yes, I know: the programmers will get a little bit of it, too. So I’m biting the hand that feeds me. So what?
Posted by Baron Bodissey at 10/16/2005 08:37:00 AM