RE: Sorbanes Oxley for dummies?

  • From: "Mark W. Farnham" <mwf@xxxxxxxx>
  • To: <Michael.Kline@xxxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
  • Date: Thu, 13 Jan 2005 11:34:16 -0500

First, it is clear that the standard message from many external audit firms
adds MANY extraneous requirements to what the law states. Unfortunately this
does not mean you can ignore them unless your management wants to be the
first company to fight back and risk the market effects of a qualified audit
letter. Possibly congress will fight back with refinements to the
legislation. If I recall correctly, audit firms where complicit in the
episodes that drove the need for the actual legislation, and now external
auditors are routinely dictating that IT should be closed out of
modifications to production systems. Sigh.

Anyway, most all of the bad news can be gleaned from:

"This group is dedicated to
discuss issues relating to Sarbanes-Oxley compliance
in an Oracle Applications Environment.  We have had a
couple of good discussions regarding Spreadsheet
Controls (recent requirement by Big 4 audit firms) and
PC Lockdown procedures.  Come join the conversation!

You can sign up at:";

Which is clipped from OAUGNET. A lot of this is legitimate controls and
issues. Some of it is regarding how to comply with the (made up) compliance
requirements being pushed (with apparent unanimity) by the external audit
firms. My expectation is that on the high side of a billion dollars will be
spent in the US complying with the actual legislation and something on the
order of tens of billions of dollars will be spent complying with audit
requirements not directly supportable by the actual legislation.

I hope this helps.

Oh -- and the short answer is: Sign up one or more DBAs as reports to the
CFO and highest official in the Human Resources chain, and make them sign
all the relevant confidentiality and fiduciary responsibility documents.
Then the DBAs so commissioned are part of the "Functional Team." Make them
pay you for the additional responsibility. Handling all the audit issues
where "This must be done by the functional authority who understands the
business issues and ramifications of changes to the material statements of
the business" is well worth the extra money they should pay you to take on
the extra authority.

Cynically yours,


All opinions rendered are LAY opinions. Not a member of any (law) bar. Not
affiliated with FASB or any other accounting standards board. Not a CPA.
Opinions are based on anecdotal reports in the industry and not on any
formal statistical survey.

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Kline.Michael
Sent: Thursday, January 13, 2005 10:06 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Sorbanes Oxley for dummies?

Has anyone done a good paper on what Sorbanes Oxley means for the DBA
and that related group?

Some of our "requirements" are quite large and usually based on "I THINK
Sorbanes Oxley may require it.

It would be nice to know without having to have a law degree.

Michael Kline
The information transmitted is intended solely
for the individual or entity to which it is
addressed and may contain confidential and/or
privileged material. Any review, retransmission,
dissemination or other use of or taking action
in reliance upon this information by persons or
entities other than the intended recipient is
prohibited. If you have received this email in
error please contact the sender and delete the
material from any computer.



Other related posts: