I work for a major corporation, and we’ve been hit so hard by Sarbanes-Oxley that we can now barely function. Absolutely nothing can be done without going through five channels of people, each of whom has their own reasons for delaying. I have to tack on a minimum of 2 days for any project I get, just to make sure all of the people involved have their paperwork on time. It’s costing us in efficiency in ways that nothing else has ever done. We have a “zero tolerance” policy regarding compliance, which basically means, “Fuck up once and we don’t give a shit how good a worker you are; you’re outta here.”
Your rant might be more believable if it had some specifics, like a particular provision of Sarbanes-Oxley, and what your company feels it must do to satisfy it.
My problem with Sarbanes-Oxley is that I work in IT, and we’ve had to make major frickin’ revisions to our entire mainframe system and some of the changes are frickin’ crippling us! Welcome to Hell Week.
I’m so with you, DeadlyAccurate. It used to be that if I had to make a database change, I called my boss and told her what I wanted to do. If it made sense, she’d tell me to go ahead and do it.
Now, I have to submit an email detailing the problem, two specific people have to agree there’s a problem. Then I have to describe how I’m going to fix it, my changes have to be approved by two more people. Then I try it in a test environment, get it approved twice more, and actually implement the change.
Fuck Enron, Worldcom, Tyco, and whoever else is responsible for making my job five times as difficult.
[Brain Slug]
But it’s Big Government that writes and enforces these regulations in a blatant attempt to impose their fascist will upon the corporations that supply us with health care, clean air, apple pie, worm-free puppies, and all other things necessary and sufficient for living a satisfying middle-class life. We must give them tax breaks!
[/Brain Slug]
Luckily the major corporation I work for has had a really strong compliance program in place already, and most of the SOX initiatives have just fallen neatly into place alongside. For the most part anyway.
Either way, I can’t complain. If it weren’t for SOX, I probably wouldn’t have much work to do.
Try working in an ISO 140001 compliant environment. Jeez. “I’m sorry you can’t sharpen you pencil that way, it’s not in the Procedures manual.” Wanna give a go to writing ISO standards for stripping film?
[CEO]
Maybe if we outsource all the SOX checks and balances to those nice folk in India and Guam, we can reduce company overhead and corporate bellyaching, and flip the bird to the Chinese butterfly.
[/CEO]
In all seriousness, SOX will probably bend me over a log and asked me to squeal like a pig in the not so near future. I have procedures and routines that update data in Oracle tables—
No clue. I can’t understand the mess we’re having to deal with. All I know is that for everything that used to be solved by a quick email or phone call, we now have to send a request to the help desk, get it routed to the correct group, wait until they get around to it, work on the problem as originally assigned when that’s done, make sure all the paperwork is done, send another request to the help desk so I can get the program into production, send a request to another group (because it’s a two-step process), tell them that I need the changes but to not do them until I say so (they require a 3-day lead time), and maybe, finally, get everything in production. But only if all the paperwork was taken care of. The last time I had to put a program into production, I didn’t realize I now had to have the paperwork on the person’s desk first before he would approve the program. Since the program would have crashed at 5:00 am on a Saturday morning, and he would’ve been called just as I would, he was able to bend the rules just that once so long as I’d have the paperwork to him ASAP that Monday. Of course the paperwork had to go to the manager and the business user first.
Everyone around me is frustrated because we can’t do anything efficiently or take any initiative with any of our work. Seriously, everything we do has to be pre-approved, so anything like trying to optimize a program for a faster run would never get approved by the business users, nor would re-writing Assembler programs into newer languages so that when all the guys who know Assembler eventually retire, someone could maintain them.
AND I have to retroactively justify every breath I have taken for the last year and a half. I spent an hour yesterday going back to document every production change I have made since I joined the team. Upon receiving which, my boss then requested that I do the same for everyone else on the team.
My only hope is to snow them under with so much documentation that they don’t bother me and I can get some REAL work done for year-end.
You will have to excuse me - I have to go fix the bug that nobody told me about because they were too busy documenting quality control processes.
That reminds me of something my co-worker was asked for the other day, Shodan. The business users wanted to see the source code of some particular program for some reason. Our manager said, “Sure, just send it on to them. If it’s Assembler, even better.” Sure enough, the program was written in Assembler, which makes it unreadable for anyone but an Assembler programmer. Even most programmers experienced in other languages cannot follow Assembler programs. I joked that he should even strip out the comments before he sends it over.
Can someone please enlighten us as to what y’all are talking about? Normally I can piece it together from the context, but all I can tell is that you all seem to have a lot more paperwork to do (which certainly sounds very frustrating), and that you all seem to have the same job. Which I can’t identify.
The Accountant, Compliance, and Enforcement Staffing Act of 2003, a/k/a/ the Sarbanes-Oxley Act (after its two main sponsors) was part of Congress’s response to the Enron/Worldcom/Tyco/Arthur Anderson/etc. scandals. Essentially, it tightened accounting rules. None of the provisions of the act itself require the procedural changes DeadlyAccurate and Shodan describe, but the law has caused some US corporate accounting and auditing departments to start requiring documentation for everything. In these places, the internal auditors are now so afraid of the government regulators that you can’t sneeze without filing a report detailing the capital costs of the lost moisture.
IOW, it’s not so much the provisions of the law itself, as the corporate interpretation. There’s nothing in the law that directly relates to database maintenance, for instance, but database maintenance may later impact cost accounting line items, or have other impacts the bean counters need to be able to justify.
