Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Computing
Conference & Expo
November 2-4, 2009 NYC
Register Today and SAVE !..

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
In many cases, the end of the year gives you time to step back and take stock of the last 12 months. This is when many of us take a hard look at what worked and what did not, complete performance reviews, and formulate plans for the coming year. For me, it is all of those things plus a time when I u...
SYS-CON.TV
Sarbanes-Oxley: The New Rising Star
Sarbanes-Oxley: The New Rising Star

Ineffectual corporate management has given a great gift to programmers, system administrators, and CIOs - endless corporate accounting scandals. Our federal government has not missed this scandalous behavior as they have passed an extraordinarily strong, far-reaching law to contend with financial fraud.

Officially it's called the Public Company Accounting Reform and Investor Protection Act, but it's more commonly know as the Sarbanes-Oxley Act. The Sarbanes-Oxley Act is a very special piece of legislation designed to keep corporate managers honest. The Act awards dishonesty with a 10- or 20-year prison sentence for CEOs and CFOs. In addition, it has a provision for taking any and all ill-gotten gains from the dishonest executive. There are approximately 14,000 publicly traded companies in the United States, with just about 7,400 of them traded on the New York, the American, or the NASDAQ stock exchanges.

Most recently, the Securities and Exchange Commission (SEC) charged Jeffrey Skilling, the former president and chief executive officer of Enron, with fraud. The SEC is seeking to seize all of his ill-gotten gains and permanently bar him from acting as a director or officer of any publicly held company. On top of that, he is facing a maximum of 325 years in prison and hundreds of millions of dollars in fines. Considering that Andrew Fastow, who reported to Skilling at Enron, got off with 10 years in prison and forfeited $23 million in cash and assets, this is serious stuff!

Executives are now directly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting. The reports must contain a written assessment of the effectiveness of the internal control structure and procedures of the issuer with regard to financial reporting, as of the end of the most recent fiscal year of the issuer.

To put this in perspective, the average billion-dollar company has about 50 disparate financial systems up and running at any given time, some of which have been running for more than 30 years. Remember Y2K, with all of those old systems that were designed in the 50 years after World War II that did not anticipate ever needing to factor in the century changing? Starting June 15, 2004, you need to ensure that everything coming out of the old mainframes, client/servers, and new application servers is correct and adds up perfectly.

Adding to the complexity of the corporate, information-technology topology is the fact that most of them are running two or three enterprise resource planning (ERP) systems. These systems take literally years to install and configure and not a single soul on Earth can guarantee that any ERP system is 100% on the money 100% of the time.

Putting the icing on the cake: about 50% of the time, this information is output to an Excel spreadsheet, opening the door for endless misinterpretations and unintentional mistakes.

Sarbanes-Oxley compliance is very different from Year 2000 readiness. With the Y2K fire drill all you needed to do to achieve success was get the computer to roll over on January 1, 2000, and not shut off or miscalculate. In addition, Y2K was a one-time event. As I'm sure you know, there was no Y2.1K. Sarbanes-Oxley compliance is an everyday, every hour issue that must all be rolled up into a tight, neat package every three months to support the quarterly financial statements.

For a public company to comply with Sarbanes-Oxley, the accounting, financial management, and legal departments all ultimately funnel their data through information technology, which opens issues as to the completeness and accuracy of every code fragment and algorithm that's embedded in any project.

White-shoe law firms, the large accounting firms, and a myriad of management consultants have all begun Sarbanes-Oxley practices. In Silicon Valley and the other technology hot spots around the U.S., venture-funded Sarbanes-Oxley software companies are beginning to appear with increasing regularity.

A good example is Nth Orbit, which is offering a Sarbanes-Oxley product called Certus that provides a systematic approach to compliance. Their lead investor is Sequoia Capital. Sequoia was an early investor in and worked with Cisco Systems, Yahoo!, Redback Networks, Google, Network Appliance, Cypress Semiconductor, Vitesse Semiconductor, Apple Computer, and Oracle. These are not stupid people! Merger and acquisition activity is also beginning in this space, exemplified by EMC's recent purchase of Documentum. And there is an entire magazine dedicated to Sarbanes-Oxley compliance - the Sarbanes-Oxley Compliance Journal (www.s-ox.com).

The Sarbanes-Oxley Act is changing the way the business world operates. High-quality staff, automation, and processes will be a must-have for all public companies. The long-term payback will ultimately be a significantly higher level of awareness and controls that will produce much higher business processes throughout business units reporting up to their corporate parents.

Sarbanes-Oxley will make the astute programmer, system administrator, and CIO indispensable within their organization. These positions cannot be rationally offshored or outsourced. The personal risk to the people running the corporation is too high. The requirement to attest that the systems are working as intended and described is so intense, only a mad man would send this work halfway around the world to save a couple of bucks.

About Jacques Martin
Jack Martin, editor-in-chief of WebSphere Journal, is cofounder and CEO of Simplex Knowledge Company (publisher of Sarbanes-Oxley Compliance Journal http://www.s-ox.com), an Internet software boutique specializing in WebSphere development. Simplex developed the first remote video transmission system designed specifically for childcare centers, which received worldwide media attention, and the world's first diagnostic quality ultrasound broadcast system. Jack is co-author of Understanding WebSphere, from Prentice Hall.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

To be honest, would you trust as a CEO on your local developer skills? As mentioned in the article: There is no one on earth who could guarantee the correctness of billion lines of code. Even a control system that checks the output of the several systems is an IT system with the typical behavior. To cut a long story short. There is and will no 100 % reliability. Only by optimizing the overall process definition - including the IT - will end up in a more reliable financial reporting. The discussion here sounds for me a bit like a new scare monger to sell new products and IT services. For sure, one big optimization potential is in the area of today used paper based forms. As I''ve seen in my day to day business this is one of the essential points of failure and costs. There is no ability to check thousands of reports, orders or other incorrect filled paper based forms. Therefore the process needs to start where the data comes in. By comparing the failure rate of the up to 30 years old back end systems with the failure rate in transmission and multiple entering of information will show a totally new picture. That''s where an intelligent integration of all data sources  including manually entered data  will bring some benefit and minimize the risks. Having only the developers and systems onside will perhaps add 5 % more safeness to an undefined percentage of reliability. It''s now time for the CEO to get the overall business process and the corresponding financial reporting under better control.

"But, what do we need developers for?" --Extremely Intelligent Award-winning President of Billion-dollar Enterprise

Caveat: I''m no lawyer.

The Enron scandal broke well before Sarbanes-Oxley, and in fact was one of several scandals that precipitated it -- I would''ve thought that, as the crimes were committed prior to this law being enacted, that the perpetrators would not be prosecuted/sentenced under this law, but rather under previously existing securities/corporate governance statutes.
Further, most of what I''ve seen on Sarbanes-Oxley (from a citizen - i.e. non-business point of view) refers to the law as rather toothless, a ''slap on the wrist'' for corportions that misbehave.

Of course, the reason for placing this article in JDJ is it''s relevance for state-side software developers. I agree that implementation will initially require state-side development resources.

Whether such developer positions remain state-side depends entirely on costs vs. benefits to the corporation. I don''t see anything in the article to suggest that these positions wouldn''t be outsourced after version 1.0 systems are up and running.


Your Feedback
Ralf Rutke wrote: To be honest, would you trust as a CEO on your local developer skills? As mentioned in the article: There is no one on earth who could guarantee the correctness of billion lines of code. Even a control system that checks the output of the several systems is an IT system with the typical behavior. To cut a long story short. There is and will no 100 % reliability. Only by optimizing the overall process definition - including the IT - will end up in a more reliable financial reporting. The discussion here sounds for me a bit like a new scare monger to sell new products and IT services. For sure, one big optimization potential is in the area of today used paper based forms. As I''ve seen in my day to day business this is one of the essential points of failure and costs. There is no ability to check thousands of reports, orders or other incorrect filled paper based forms. Therefore the proce...
Astute Programmer wrote: "But, what do we need developers for?" --Extremely Intelligent Award-winning President of Billion-dollar Enterprise
Robert Cote wrote: Caveat: I''m no lawyer. The Enron scandal broke well before Sarbanes-Oxley, and in fact was one of several scandals that precipitated it -- I would''ve thought that, as the crimes were committed prior to this law being enacted, that the perpetrators would not be prosecuted/sentenced under this law, but rather under previously existing securities/corporate governance statutes. Further, most of what I''ve seen on Sarbanes-Oxley (from a citizen - i.e. non-business point of view) refers to the law as rather toothless, a ''slap on the wrist'' for corportions that misbehave. Of course, the reason for placing this article in JDJ is it''s relevance for state-side software developers. I agree that implementation will initially require state-side development resources. Whether such developer positions remain state-side depends entirely on costs vs. benefits to the corporation. I don'...
SOA World Latest Stories
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publ...
"We do one of the best file systems in the world. We learned how to deal with Big Data many years ago and we implemented this knowledge into our software," explained Jakub Ratajczak, Business Development Manager at MooseFS, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one l...
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus ...
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize existing data center assets, leverage the advantages of cloud computing and avoid cloud vendor lock-in. This requires a globally aware traffic management strategy that can monitor infrastruct...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portabil...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021


SYS-CON Featured Whitepapers
ADS BY GOOGLE