I know very little about the Sarbanes-Oxley Act, nor do I care to.
I do know that I now spend a ridiculous amount of time doing documentation that my employer feels is required for SOX compliance. My group now spends about 50% of its time documenting every small thing we do. The group does technical support, and it’s a real stretch to see how what we do relates to “the effectiveness of [the company’s] internal accounting controls”.
For example, a programmer might contact me to tell me that their program is obsolete and should no longer be set up to run every hour. This is a 1-line code deletion for me. Now, however, one of us has to complete a complicated change request, which requires several levels of approval and generates a bunch of emails every time it’s updated. The change request form requires the creation of a SOX compliance document, which requires a project plan, pre-implementation and post-implementation test plans, pre- and post-implementation test results, and enough additional nonsense to fill two pages. Every element of the “SOX doc” requires several levels of approval and generates emails at every step. Both the change request and SOX doc systems are horrendous home-grown software (I believe they are so bad because no one with any integrity or competence would agree to work on them); spending more than five minutes using any of this software usually produces a stabbing pain in the right eye.
Total time required for a SOX-compliant 1-line code change: at least 4 hours.
As a long-time corporate drudge, I accept that there is a huge amount of inefficiency and stupidity inherent in the corporate environment. The corporate hysteria over SOX compliance, however, has produced a level of stupidity I would not have thought possible. It’s amazing that U.S. companies can continue to produce a competitive product with this nonsense going on.
How is SOX affecting your job?