Precisely Speaking

General Category => Rants & Raves => Topic started by: precisonline on May 23, 2008, 08:40:11 AM

Title: Why Sarbanes-Oxley is Bad For America
Post by: precisonline on May 23, 2008, 08:40:11 AM
I have a really great customer who, for as long as we've worked together, has been EASY to work with.  Great people, very accommodating, and as a result we've been able to do great things for them with minimal expense or hassle.

Problem is, they're a public company, and subject to all this Sarbanes-Oxley madness.  Well, the stuff hit the fan this week and now everything is locked down, documented far beyond an inch of its life, and to even get a connection requires an actual interrogation by someone who likely has absolutely no idea who I am, what I do, or why I need to connect.

A simple 2 minute research just took > 30 minutes; 12 of those were the interrogation; 3 were authentication, and the remaining 15 minutes was spent finding my way around the security that prohibits God Himself from doing absolutely anything on that system.  And this is progress?

What used to be simple is now hyper-complicated with the added risk of prison if anyone steps out of the line.  In other words, Sarbanes-Oxley is the manifesto of the new American gestapo and before it gets repealed, a number of very good businesses are going to become so dramatically overhead-laden that many will fail and those that don't will have no choice but to go private to escape the hyper-zealousness of this Nazi policy.

So what do you think might happen to the stock market if a number of large American companies went private?  You can bet that when it happens the loss that led to the creation of this disaster will be nothing compared to the devastation to follow.

I'm all for protecting people from the likes of the idiots that killed Enron, but frankly, this isn't the solution.  This is another substantial governmental boondoggle that carries with it the opportunity for total decimation of the American commerce infrastructure.  So Mr. Sarbanes and Mr. Oxley, I hope you've fattened your pockets substantially enough to save you when your ill guided ideas of protection destroy "we the people" because those stock options you have hidden in the back of your sock drawer are soon to become worthless.  And make no mistake about it sirs, YOU will be responsible and if there is any justice left in the world, you should be hanged by the neck until you are dead.
Title: Re: Why Sarbanes-Oxley is Bad For America
Post by: Tom Pellitieri on May 23, 2008, 01:42:45 PM
If Susan doesn't weigh in on this, I'll be very surprised....

As I recall, SOX requires computerized information to be secured from unauthorized updates.  The problem, however, is that it is EXTREMELY vague about just what sort of information security measures are required. typical knee-jerk reaction, many companies have chosen to implement measures above and beyond what is necessary, or sufficient.

To be honest, the bottom line is that upper management should be held responsible and accountable for their financial statements.  The fact that they really don't have an understanding of just what is necessary or sufficient to protect themselves means that we have a lot of over-kill.

It's like adding hi-tech surveillance/permanent video archive/multiple locks to the henhouse to make certain you don't misplace one egg...

Title: Re: Why Sarbanes-Oxley is Bad For America
Post by: precisonline on May 23, 2008, 02:06:38 PM
Yeah, I fully expect to hear from Susan at some point.

I agree that upper management should be held responsible for their DECISIONS, including but not limited to their financial statements.  Absolutely.  But how does me getting interrogated by someone who knows absolutely nothing about my role or task actually achieve that objective?

In an article I wrote right after the economy tanked following the terrorist attacks, I wrote "We've heard stories of terrorists' plans to destroy the American economy. Who knew that all it needed was a push and we'd inadvertently continue the damage?".  At that time SOX wasn't even in the picture, but now that we see what it has become, clearly SOX is the worst kind of terrorist tool with the potential for damage beyond our wildest imagination.

What really bothers me is that SOX in its current incarnation doesn't actually solve anything other than setting millions of dollars on fire.  And you're right, it's like installing that high tech surveillance you mentioned, while all the time leaving the door open and hoping we catch the fox on the camera.   It's not prevention, it's reaction of the worst kind, and it's triggering a massive amount of unnecessary expense in a failing economy for the sole purpose of supporting bigger government and a new cottage industry of auditors to enforce a collection of vague rules with immense punishment for failure to comply.

Hmm, haven't we gone to war and lost a lot of valuable lives to prevent this exact kind of tyranny?
Title: Re: Why Sarbanes-Oxley is Bad For America
Post by: Tom Pellitieri on May 30, 2008, 08:07:56 AM
Hmm... it's been a week since Kevin posted this...

Mark me "Officially Surprised" :)

Title: Re: Why Sarbanes-Oxley is Bad For America
Post by: precisonline on May 30, 2008, 08:19:06 AM
Maybe she agrees?
Title: Re: Why Sarbanes-Oxley is Bad For America
Post by: sjoslyn on May 30, 2008, 12:09:24 PM
Here's the thing (besides that I forget to check these forums or I would've jumped in sooner!) - I don't disagree about the downside to all of these controls but I do disagree with blaming SOX or even Wall Street - or even Enron - for them.

It is the advancement of our technological society and the natural evolution of the criminal mind that is at fault!

Believe me, SOX is not going to be repealed.  It will be smartened up, some.  Has been.  Further changes are on the drawing board.   But it is also going to be joined by many bretheren.  Legistalation on privacy, security in addition to the current industry specific alphabet soup of HIPAA, BASEL, PCI etc.  Plus international legislation and cooperative inter-national compliance. There is so much coming down the pipes that you probably better go get your galoshes and your slicker, now.

I don't know if anyone remembers me SCREAMING against the wind in the earliest days of SOX.  "STOP OVER-COMPLYING!"  "Try to stay focused on WHAT problem you are trying to address."  But I was, alas, unheard.  The huge expenses of SOX were foolish choices that companies made and - in some cases - exploitation by auditing firms.  And when it wasn't exploitation or foolishness it was over-compensation.  After what happened with Anderson, auditing firms were afraid  not to over-over-over comply and docu-docu-document.

Are the controls cumbersome? Yeah.  Is society hunky-dorey without 'em?  Naw.  The fact that we drifted along with so many opportunities for exploitation for so long is what is really surprising.  And the fact that more of us weren't personally affected.  We are in a period of civilisation where problems are evolving faster than solutions.  (Get me started on legistlation on legal discovery - talk about an area that simply can't keeep up!)  We are in an era where the phrase "zero day exploitation" has entered the common vernacular.  And if you don't know that it is (I'll be surprised) it refers to hackers taking advantage of a hole in security the very day it is released!  Before anyone has had time to catch it!  An agile, evil little criminal is so much more capable of wreaking havoc that our slow, beurocratic legislative bodies have to go to these extremes to try to block breaches we haven't even thought of yet!

I don't put my mail in the mailbox the night before anymore.   I have a password on my treo.
Sarbanes Oxley didn't make me do those two things (and many others).  These were self-imposed inconveniences.  While they are annoying, they are less annoying than trying to recover my identity or explain to everyone whose private data is in my treo ...

So.  Yeah.  The whole firewall / password thing is driving me nuts, too.  I have one customer I have to CALL ON THE PHONE FOR A FOB before I can get on their system.  Argh.  And many of my customer sites not only rotate my password faster than you can say "abracadabra" but they have these stringent policies about re-use and sequentials and anything that resembles 75% of a previous password and all the tricks that I would use to remember my dang password.  It's crazy making.  But SOX didn't make 'em do it - knowing companies that have been breached made them do it.   Can anyone say TJ Maxx?

So rant away, Kevin - but rant at the hackers and fraudsters and those of weak moral character, not the poor schmucks that are rushing around trying to make up rules to protect civilization from them!
Title: Re: Why Sarbanes-Oxley is Bad For America
Post by: precisonline on May 30, 2008, 12:44:59 PM
Susan, you make several very valid points.  If it weren't for the agility and depth of depravity of the common criminal we would not be facing these kinds of issues.  But marketing things like SOX as protection is lying in the worst possible way because it gives some sense of security through compliance, when in reality nothing is REALLY more secure.  This is exactly why I consider SOX a Nazi policy; Hitler marketed security through compliance, and that led to unthinkable tragedy.  SOX is merely a step in that exact same direction.  Giving politicians - many as corrupt as the criminals that they are trying to squelch - the power to inflict punishment upon the populace for failure to comply with indeterminate and ill-conceived "laws" cannot possibly provide anything more than incentive for the further development of the criminal mind with no true security benefit to match.  Oh, and there's the added "benefit" of setting billions of dollars on fire with no commensurate ROI.

I have to believe that this kind of corruption will be repealed when someone, somewhere, gets the good sense to see it as the foreshadowing of a repeat of a tragic history.  Furthermore, I only hope I don't live long enough to see the U.S. government overthrown by force due to stupid decisions on a massive scale that have intentionally destroyed the lives of the people they swore to protect.

Make no mistake about it, SOX has the potential to be the most devastating weapon of mass destruction imaginable.  The question isn't so much whether it'll happen, but when.