The Business Controls Caddy

Book Review: The Joy of SOX




Let's face it. In the current business environment, SOX sells. No, not the Boston Red Sox winning the World Series, but the Sarbanes-Oxley Act of 2002. Yet people find little joy in the whole process, and when I show people Hugh Taylor's new book, The Joy of SOX: Why Sarbanes-Oxley and Service-Oriented Architecture May Be the Best Thing That Ever Happened to You (2006, J. Wiley and Sons, 312 pages, ISBN 0471772747), they roll their eyes and say "What joy?". What they do not realize from this first impression is that Taylor does something I have not seen in any other book on Sarbanes-Oxley: he presents the content as a unified case study from start to finish. In doing so, the author provides a reference of real-world examples addressing SOX, COSO, COBIT, and the use of service-oriented architectures to facilitate what he calls "agile compliance".

Taylor introduces the reader to a deliberately small cast of characters. There is the overly ambitious new CIO, who wants to reinvent the company entirely without any consideration for the SOX activities already under way. There is his trusty, military-trained deputy. Then there are the CFO and the CIO, who do not get along at all. This should sound familiar to people from many organizations. The mission is to reinvent the company as an agile organization without losing any of the compliance gains made to date.

To do so, the author must take the reader on a journey. The first stop along the way is an overview of the fictional company: the good, the bad and the ugly. Taylor touches upon organizational and product challenges, risks, and an introduction to the company's financial statements. It is into this environment that the corporate board ousts one CEO in favour of new blood. The new blood has his own set of bold, visionary ideas on how to turn the company around, but is clueless as to how what he wants will impact the company's compliance with the Sarbanes-Oxley Act. In fact, the new CEO has to persuade the CFO to stay on board. It is here that he gets his first whiff of Section 404 of SOX.


It is at this point that the journey takes another stop, as the author introduces the concepts surrounding risk, COSO, control objectives, and control components. The journey then ventures into discussions of the relationships between internal controls and business processes, and their impact on financial reporting data. The reader is then introduced to COBIT, with emphasis on a specific subset of COBIT for illustrative (and real-life) reasons. The author does an excellent job of explaining COBIT and the challenges of implementing it. He makes the important point that implementing COBIT 100% would be cost-prohibitive, and unrealistic besides. At this point of the journey, the author talks about the pain of SOX. It is here that the discussion moves on to what needs to happen for a company to be truly agile without compromising compliance. This culminates in a discussion of how SOA can help facilitate agile compliance.


What I Like About the Book


There is a lot to like about this book. First and foremost, it is a comprehensive case study, putting real-world examples on material that is very dry in a vacuum. I also like the fact that the author is very frank in his discussion of the pluses and minuses of the topics. He is up-front in telling you that although he sells SOA Software, and that this is his point of view, it is only one alternative solution. The key is that he sees a need to break down organizational silos.


What I Did Not Like About The Book


The book jacket talks about how this book is written by a Harvard MBA, and sometimes it comes across that way. Specifically, there were a few times when the author would throw in words that required a dictionary to be close at hand. Yes, my vocabulary obviously has some limitations, but content should be written as clearly and simply as possible. There is no reason to use a $10,000 word when a $1 word will do just as well. Another point is that although the author is clearly taking a view in line with the Compliance Oriented Architectures proposed by Redmonk, he does not address how SOA will not only benefit SOX compliance, but will also break down compliance silos as well.

Who Should Read This Book


Although this book is intended for general business readers, it should be considered a must-read for anyone facing the challenges of SOX compliance at an architectural level. IT people may not get a firm grasp on the accounting issues, but this will help them along that path. For the business side of the house, it will clearly help them better understand the business path. Even people familiar with COBIT will get additional insight from this book.


After all, compliance is a journey.


The Business Controls Caddy Scorecard


Eagle on a Long Par 5





Comments

Comment posted by Wild Bill, 06/22/2006 08:04:30 PM
Homepage: http://www.billbuchan.com


Chris. You're kidding, right?

--* Bill

