Quotes   from the SOX-online Editors
Sarbanes-Oxley: the REAL end of the dot com era
- quote from Amy Klutz, Editor
" During the rush to convert systems to web applications, most IT departments made the tough choice to skimp on documentation and standardization and controls. Besides, some reasoned, with languages and approaches changing rapidly, why bother? Sarbanes-Oxley is a glass of water in the face of such IT departments. Hey, you! it's saying. You can't skip these steps! IT departments with adolescent, instant-gratification dot-com approaches are finding themselves having to grow up fast. And that's a good thing."

It's the data, stupid!
- quote from Gwen Thomas, Editor/Columnist
" Data is like the mighty Mississippi river. It starts out in many little trickles, comes together to form streams, and eventually becomes a powerful river. If you've got trash floating in your river, don't assume you have to go to New Orleans and build a mile-wide net. Go North to the headwaters. If you know where to look and the natives will let you in, you can solve a lot of problems with the equivalent of a colander and a couple of sandbags." more

Are new tools and software really required?
- quote from Gwen Thomas, Editor/Columnist
" Sarbanes-Oxley doesn't specify that all processes and controls be documented in the same format in a single tool. It requires your management to be able to answer basic who-what-when questions about their operations. What they need is to achieve a comfort level. Some thrifty companies will choose to let different departments stay their courses and a have a central group create a directory of efforts and documentation locations. "

Many tools are available to assist with compliance. However, not every company needs them and some need just a little help instead of large, pricey applications."

Sarbanes-Oxley information overload
- quote from Amy Klutz, Editor
" We watched the number of vendors grow and the number sites that mentioned Sarbanes-Oxley explode: 700 hits in late April of 2003. 20,000 in early July. 94,600 by August. 424,000 by November. How could anyone find their way through this mess? And how could they distinguish unbiased information from sales pitches disguised as guidance?"

Isn't Section 404 just insisting that workers do their jobs right?
- quote from Gwen Thomas, Editor/Columnist
" Anyone who has been in the trenches will tell you that almost NO companies can answer these basic Who-What-When questions to the level that the SEC and stockholders want. So is Section 404 scary? Yes. But the reason isn't sexy or scandalous. It's a classic Knowledge Management problem." more

The relationship between IT and Finance
- quote from Amy Klutz, Editor
" Finance has often balked at the prices and timelines for implementing IT systems - and who can blame them? But if there's any bad blood in a company between IT and Finance departments, now is the time to shake hands and make up. Sarbanes-Oxley doesn't care which functional group owns the piece of software or the process that could screw up financial data. It just cares about getting it right. "

The Irony of Sarbanes-Oxley
- quote from Gwen Thomas, Editor/Columnist
" The irony of Sarbanes-Oxley is that what the SEC now demands is what good executives have been asking for all along." more

Negative affect on the US economy: Will companies not based in the US considering changing markets in order to avoid compliance?
- quote from Amy Klutz, Editor
" I think the Press - including SOX-online - has a responsibility not to blow this out of proportion. It might make a good story to focus on costs and scare tactics. But really, what is Sarbanes-Oxley demanding that isn't good business anyway?"

Difference between Data Governance and Data Stewardship
- quote from Gwen Thomas, Editor/Columnist
" There's a reason data governance has been pushed to the background all these years. It's screamingly boring. But it's necessary. Data governance is top-down, and data stewardship is bottom-up. You need both."

Elements of a Complete Data Control Programs
- quote from Gwen Thomas, Editor/Columnist
" A complete data control program includes:Governance, Stewardship, Processes, Information Access, Data Change Management, Metadata Repositories, and Data Analysis."



1