Let's face it. In the current business environment, SOX sells. No, not the Boston Red Sox winning the World Series, but the Sarbanes-Oxley Act of 2002. Yet people find little joy in the whole process, and when I show them Hugh Taylor's new book, The Joy of SOX: Why Sarbanes-Oxley and Service-Oriented Architecture May Be the Best Thing That Ever Happened to You (2006, John Wiley & Sons, 312 pages, ISBN 0471772747), they roll their eyes and say "What joy?". What that first impression misses is that Taylor does something I have not seen in any other book on Sarbanes-Oxley: he presents the content as a single unified case study from start to finish. In doing so, he provides a reference of real-world examples addressing SOX, COSO, COBIT, and the use of service-oriented architectures to facilitate what he calls "agile compliance".
Taylor introduces the reader to a deliberately small cast of characters. There is the overly ambitious new CEO, who wants to reinvent the company with no consideration for the SOX activities already under way. There is his trusty, military-trained deputy. Then there are the CFO and the CIO, who do not get along at all. This should sound familiar to people in many organizations. The mission is to reinvent the company as an agile organization without losing any of the compliance gains made to date.
To do so, the author takes the reader on a journey. The first stop is an overview of the fictional company: the good, the bad and the ugly. Taylor touches on organizational and product challenges, risks, and an introduction to the company's financial statements. It is into this environment that the corporate board ousts one CEO in favour of new blood. The new CEO has his own set of bold, visionary ideas on how to turn the company around, but is clueless as to how what he wants will affect the company's compliance with the Sarbanes-Oxley Act. In fact, he has to persuade the CFO to stay on board, and it is here that he gets his first whiff of Section 404 of SOX.
The journey then takes another stop, as the author introduces the concepts surrounding risk, COSO, control objectives, and control components. It moves on to the relationships between internal controls and business processes, and their impact on financial reporting data. The reader is then introduced to COBIT, with emphasis on a specific subset of COBIT for illustrative (and real-life) reasons. The author does an excellent job of explaining COBIT and the challenges of implementing it, and makes the important point that implementing COBIT 100% would be cost prohibitive, and unrealistic as well. At this point the author talks about the pain of SOX, and the discussion moves on to what needs to happen for a company to be truly agile without compromising compliance. This culminates in a discussion of how SOA can help facilitate agile compliance.
What I Like About the Book
There is a lot to like about this book. First and foremost, it is a comprehensive case study, putting real-world examples on material that is very dry in a vacuum. I also like that the author is very frank about the pluses and minuses of the topics he covers. He is up-front in telling you that although he sells SOA software and that shapes his point of view, SOA is only one alternative solution. The key, in his view, is the need to break down organizational silos.
What I Did Not Like About The Book
The book jacket talks about how this book is written by a Harvard MBA, and sometimes it comes across that way. Specifically, there were a few times when the author threw in words that required a dictionary close at hand. Yes, my vocabulary obviously has its limitations, but the content should be written as clearly and simply as possible. There is no reason to use a $10,000 word when a $1 word will do just as well. Another point is that although the author is clearly taking a view in line with the Compliance Oriented Architectures proposed by Redmonk, he does not address how SOA can break down compliance silos in general, beyond its benefits for SOX compliance alone.
Who Should Read This Book
Although this book is intended for general business readers, it should be considered a must-read for anyone facing the challenges of SOX compliance at an architectural level. IT people may not get a firm grasp of the accounting issues, but this book will help them along that path. For the business side of the house, it will clearly help them better understand the technology path. Even people familiar with COBIT will gain additional insight from this book.
After all, compliance is a journey.
The Business Controls Caddy Scorecard
Eagle on a Long Par 5
Comment posted by Wild Bill, 06/22/2006 08:04:30 PM
Homepage: http://www.billbuchan.com
Chris. You're kidding, right?
--* Bill