Commentary
11/18/2004
06:48 PM

SOX Me, Baby

If you work in the IT department of a publicly-traded company, you're probably familiar with Sarbanes-Oxley. If the very sight of that name causes an annoying facial tic and makes you want a cigarette, and if your company also happens to use open-source software, we need to talk.

For the blissfully ignorant, Sarbanes-Oxley is the government's response to the wave of Enron-esque corporate accounting scandals a few years ago. The law (colloquially known as SOX) imposes strict new reporting and accountability requirements on publicly-traded companies. This includes not just financial reports and regulatory filings, but also, in practice, every business process and system that affects the integrity of the data used to produce those reports. And this very definitely includes a firm's IT operations: From software and servers to networking and storage systems, if financial data moves into, onto, from, or through it, you can bet a firm's internal SOX auditor will take an interest in it.

Those auditors have one goal in mind: to ensure that a firm can pass a real-life government SOX audit. They are looking for problems that could get a company delisted or land its executives in jail. They have no sense of humor, they do not want to hear excuses, and you're best advised not to let them hear you talking about cathedrals, bazaars or the "community" that built your firm's database server.

Some people have questioned whether these drill instructors in pinstripes would take one look at open-source software, realize what it's all about, and start throwing around pink slips like confetti in a victory parade. Earlier this year, for example, analyst and occasional Linux Pipeline contributor Rob Enderle took an extremely skeptical view of whether open-source software could survive an internal SOX audit.

For many IT departments affected by SOX, a key compliance deadline (the cleverly-named "Section 404") passed this week. It seems to me that if the worst-case scenario had come to pass, we would have noticed all of those Fortune 500 dumpsters piled high with open-source products. Even so, there might have been some interesting, if less dramatic, encounters between IT departments using open-source software, zealous SOX auditors, and corporate executives eager to avoid a free trip to Club Fed.

Please note: I'm not asking anyone to spill the actual contents of their firm's internal auditor report. That, too, will get you a bunk next to Martha Stewart--cruel and unusual punishment, indeed.

So, do you work for a firm that got SOXed this year? Do you have stories or opinions to share about the relationship between SOX and open-source software in your company? Drop me a line, I'm dying to hear all about it. If you'd rather keep your name and your company out of it, just let me know.
