Journyx Project Management Blog

Are you looking for a magic bullet to solve your compliance project(s)? Are you wondering where that simple fix is that will forever ensure that the government stays out of management’s business so management will get off of your back? Well look no longer!

Here’s the answer to all your questions!

Just scroll down a bit more!

What’s the answer??

IT DOESN”T EXIST!!!

In today’s world of all the different compliancy regulations (both public and private), it is no wonder that so many companies want a quick fix to make all the pain go away. But people, it does not exist. You cannot put in a few products and have PCI compliancy. You cannot install some new technology and have all your HIPAA headaches go away. But that is still what people are looking for. And I see no end to it.

Read more at ComputerWorld.

Paul Sarbanes and Michael Oxley have left Congress, but they’re never far from the thoughts of CIOs responsible for making their companies’ financial systems produce accurate data. Everyone’s favorite kvetch is the high cost to comply with the Sarbanes-Oxley Act of 2002, but now chief information officers are, in some ways, better off.

For the past five years, CIOs have dealt with being micromanaged by colleagues outside of IT and suspected a conspiracy by CFOs to undermine them. They’ve been inundated by vendors with fabulous claims of compliance-in-a-box and have listened to former Federal Reserve chairman Alan Greenspan decry Sarbanes-Oxley as a “nightmare” that should be rewritten.

But looking back, the rules that Sarbanes, a former Senate Democrat from Maryland, and Oxley, a former Republican representative from Ohio, wrote to make U.S. companies more accountable for their financial data also have lifted the career trajectories of some CIOs, says Lee Dittmar, a principal at Deloitte Consulting who oversees enterprise governance.

Yes, Dittmar says, Sarbanes-Oxley burdened technology departments by forcing, for example, more detailed reporting about how software projects affect a company’s financial data. IT also has to work side by side with internal and external auditors, as well as with the finance group, to identify how their companies handle accounting data electronically and manually, then tighten those processes to prevent fraud. “It has been painful,” he says. For many companies, documenting, testing and maintaining financial controls to the extent required by the legislation was a major change from past practice, he says.

But because technology enables the production of nearly all of the financial information under scrutiny, he says, now senior executives see that “what happens in IT is strategic.”

Read the rest at CIO.com.

The Securities and Exchange Commission took a step Wednesday toward easing Sarbanes-Oxley accounting requirements for small public companies. While the little guys have been complaining about the rules since 2002, when they were put in place after Enron’s collapse, legislators have not heeded their calls until now.

Among the biggest changes that the agency unanimously agreed to was allowing companies more flexibility with Section 404 of the law, which calls for strict internal controls and reporting requirements. The change would allow companies to assess their greatest risks rather than testing a long list of controls.

“Short of eliminating Section 404 for small business, this is probably the second best alternative in the current political environment,” says Nimish Patel, a partner at Los Angeles law firm Richardson & Patel LLP. Right now, firms worth less than $75 million don’t have to comply with that section until next year, but some small-business advocates say that the date should be pushed back even further.

Read more at the U.S. News and World Report blog, Small Biz Scene.

Michael Oxley was just starting to dig into his cream- and fruit-laden dessert when the verbal punches began to fly.

Presiding over a recent dinner in Paris for more than 200 accountants, Oxley — the former Republican congressman from Ohio and co-author of the Sarbanes-Oxley corporate governance law — was asked during the question period whether he realized he had helped create one of the most crushing financial burdens ever imposed on business.

Was Oxley aware, his questioners asked, that the law that he and Senator Paul Sarbanes, a Maryland Democrat, rushed onto the books five years ago after the collapse of Enron and WorldCom had contributed to a sharp decline in listings on U.S. stock exchanges? And, knowing what he knows now about the cost and effects of the law, would Oxley — who retired in January after 25 years in Congress — have done it any differently?

“Absolutely,” Oxley answered. “Frankly, I would have written it differently, and he would have written it differently,” he added, referring to Sarbanes. “But it was not normal times.”

Read more at the International Herald Tribune.

Japanese companies and their international subsidiaries have started prepping for next year’s implementation of a corporate governance framework that’s comparable to the requirements imposed by the Sarbanes-Oxley Act in the U.S.

Many U.S.-based IT managers have started working on processes to ensure compliance with the emerging financial controls requirements, informally known as J-SOX, even though initial details aren’t expected until next month.

“This is just like the early stages of Sarbanes-Oxley — nobody really knows” the specific requirements yet, said Michael Pellegrino, vice president of IT at Fuji Photo Film U.S.A. Inc., a Valhalla, N.Y.-based subsidiary of Tokyo-based Fujifilm Corp.

As the largest of Fujifilm’s 12 North American subsidiaries, Pellegrino’s group is following the lead of its parent firm’s IT operations on what steps it should take to document its IT controls.

Read more at: Computerworld

The Sarbanes-Oxley (SOX) Act of 2002 is a congressional act passed to prevent future scandals of Enron proportion and is considered to be one of the most significant changes to federal securities law in the United States. The Enron scandal and other similar scandals damaged investors’ confidence in the accuracy of all public corporate financial statements. Among the major provisions of the Act are criminal and civil penalties for securities violations, as well as increased disclosure regarding executive compensation, insider trading and financial statements.

In lay terms, the SOX act essentially says that you will go to jail if you are signing off on the veracity of certain documents in a public corporation and they turn out to be incorrect, even if it wasn’t really your fault. It requires certain executives at the top to sign off on the financial statements that stockholders typically examine before buying a stock. This potentially exposes those top executives to the risk of jail time.

As you might expect, the CEOs, CFOs and other executives of publicly traded companies take SOX very seriously. When a CEO takes something seriously, it typically means finding some other person in the company, or several, and requiring them to take the issue even more seriously — and that’s just what CEOs have done with SOX. It’s considered “delegation of responsibility,” “buck-passing” or “things rolling downhill” — depending on one’s point of view.

This is probably where you come in.

Read more at: E-Commerce News

“What’s my job?”

That’s a question that many managers ask themselves, usually not out loud though for fear of looking like a fool. Nonetheless the question is a real one. It has been my experience in working with many companies in many different industries that employees are often uninformed about their roles and responsibilities. Yes, employees know their job specifics and often perform as well as they can. What they lack is context, that is, “Why am I doing what I am doing and how does it affect the organization?” Employees who are so uninformed are not dull headed lackeys; they are bright, energetic people whose management has not bothered to explain their value to the organization.

Expectations lost in the details
For example, employees in purchasing are constantly asked to implement a host of new parameters to conform to new rules and regulations, some spawned by the Sarbannes Oxley Act of 2002. Employees go by the rules, but they end up following procedures that feel more like trapdoors and blind alleys than an updated process. When suppliers complain, purchasing agents are powerless to make adjustments and do a poor job of communicating why. Suppliers end up frustrated and angry, and purchasers feel betrayed by a system they have been hired to implement. The net result is that the company loses experienced suppliers and alienates the very employees whose job it is to ensure conformity with established standards.

Read more at:
http://www.cio.com/weighin/column.html?CID=19525

When thief and author Willie Sutton was asked why he robbed banks, he responded, “Because that’s where the money is.” Today, Web applications are prime targets for criminals for the same reason. Applications are designed to display and manipulate data, and the thief who compromises such applications gains access to protected information. For example, an intruder looking to steal Social Security numbers would be attracted to an application that asks for them.

Companies migrate applications to the Web as business demands, seeking to improve customer service, capture new customers, reduce operational costs, enable self-service and streamline communications with vendors, partners and employees. Yet these same Web applications also create increased security and compliance risks. To mitigate these risks, organizations worldwide are increasingly required to comply with sensitive data-protection legislation. Not only must organizations protect information, they must also document their security practices to demonstrate compliance with best practices for Web application security, resulting in the constant tweaking of IT infrastructures.

Read more at:
http://www.sdmagazine.com/documents/s=821/sdm0603a/

November 15, 2005 marks the one year anniversary for compliance with Section 404 of the Sarbanes-Oxley Act which requires internal controls over the creation of financial reports.

In the past year or more, companies have approached compliance with Section 404 as a project, but have not leveraged this to improve business efficiencies, reduce risk and improve effectiveness. In many cases, companies have implemented manual methods, which have led to significant costs.

SOX compliance overall is costing businesses millions of dollars. A March 2005 survey by Financial Executives International shows that first year SOX 404 compliance costs averaged $4.36 million per company, and large companies with more than $5 billion in revenues spent more than $10 millions per company.

Read more at: http://www.s-ox.com/Feature/detail.cfm?ArticleID=1331

Compliance burdens posed by the Sarbanes-Oxley Act are proving to be costly for many IT departments, according to Gartner Inc. But companies may be better equipped to meet any new federal regulations thanks to the processes they have developed for complying with the law, IT executives said here last week.

Gartner estimates that the government’s Sarbanes-Oxley mandates have led to an average increase of 3.3% in corporate IT costs. The financial reporting law has spurred increased spending in areas such as records management and security, as well as purchases of new tools needed to ensure the accuracy of financial data, the firm says.

Read more at:
http://www.computerworld.com/managementtopics/management/project/story/0,10801,105636,00.html