5 of 5 people found the following review helpful:
4.0 out of 5 stars
Little Joy in SOX, but Helpful Understanding, October 2, 2006
This review is from: The Joy of SOX: Why Sarbanes-Oxley and Services Oriented Architecture May Be the Best Thing That Ever Happened to You (Paperback)
I make a living leading seminars discussing topics on software project estimation, requirements, and project management. It is not uncommon during one of these seminars to have a participant ask how the practice under discussion would impact or aid Sarbanes-Oxley compliance. What I wanted out of Hugh Taylor's book was a deeper understanding of SOX and some pointers I could give my students.
The Joy of SOX delivered on the first half of my quest. While not an accountant, Taylor did a good job explaining the key points of the act, focusing on section 404. I grew in my understanding of the role software systems play in acting as a "control" and the impact of changes to those systems. A simple definition of a "control" is that it is a device (practice, checkpoint, division of roles) inserted by a company to assist in the determent and detection of fraud.
Taylor, after painting a very bleak picture of what it means to comply to SOX (i.e. insert and maintain all the necessary controls), goes on to propose a solution that allows a company to react as necessary in business while keeping compliant. His solution, using a web based Service-Oriented Architecture. For those who are not buzzword compliant, that means using non-proprietary methods over the internet to communicate between different computer systems. Most of the time today, companies have to pay software development professionals to write a proprietary method. That takes a lot of time.
It is on the second point of my quest that I felt a little let down. Being a software development person, the word "agile" has a lot of baggage with it. He uses the word to mean the fundamental fluidity of the business to engage in new business practices. We software people want to enable that but we use the word an approach to software development. The two don't quite mean the same thing. So when I got to his prescription, I was into an alphabetic soup of software development acronyms that I have never quite liked, even being in the field. Perhaps his way would work, but I think the hype machine is still on over XML, SOAP, SOBA and the like. Hey, given the alternatives he paints in the first half of the book, it is probably worth considering.
So, who should read this book? Well, if you want a decent way of understanding what SOX means to a public business, then the first half is worth reading. The use of the case study makes it a little HBR like and I enjoyed that. If you are a software development professional like me, well, the first half is worth knowing and you can skim the second half. If you are a business professional, you better know the first half. The second half? You can read it but this is what my friends and I would call "beer discussion" topics. There is no "right" answer, only answers that are better given the situation. Maybe bring your favorite IT person along for the beer.
Help other customers find the most helpful reviews
Was this review helpful to you? Yes
No
1 of 1 people found the following review helpful:
5.0 out of 5 stars
It Is Always Good to Practice Safe SOX, June 22, 2006
This review is from: The Joy of SOX: Why Sarbanes-Oxley and Services Oriented Architecture May Be the Best Thing That Ever Happened to You (Paperback)
Let's face it. In the current business environment, SOX sells. No, not the Boston Red Sox winning the World Series, but the Sarbanes-Oxley Act of 2002. Yet people find little joy on the whole process, and when I show people the Hugh Taylor's new book called The Joy of SOX: Why Sarbanes-Oxley and Service-Oriented Architecture May Be the Best Thing That Ever Happened to You (2006, J Wiley and Sons, 312 pages, ISBN 0471772747), they roll their eyes and say "What Joy?". What they do not realize with this first impression is that Taylor does something I have not seen in a book on Sarbanes-Oxley. He presents the content as a unified case study from start to finish. In doing so, the author makes available a reference of real world examples addressing SOX, COSO, COBIT, and the use of service-oriented architectures to facilitate what he calls "agile compliance".
Taylor introduces the reader to a rather small cast of characters by design. There is the overly ambitious, new CIO who totally wants to reinvent the company without any consideration for the SOX activities that are on-going. There is his trusty, military trained deputy. Then there is the CFO and the CIO, who do not get along at all. This should sound familiar to people from many organizations. The mission is to reinvent the company into an agile organization, without losing any of their compliance gains to date.
To do so, the author must take the reader on a journey. The first stop along the way is to give an overview of the fictional company, the good, the bad and the ugly. Taylor touches upon both organizational and product challenges, risks, and an introduction to the company's financial statements. It is into this environment that the corporate board ousts one CEO in favour on new blood. The new blood has his own set of bold, visionary ideas on how to turn the company around, but is clueless as to how what he wants will impact their compliance with the Sarbanes-Oxley Act. In fact, the new CEO has to persuade the CFO to stay on board. It is here that he gets his first whiff of Section 404 of SOX.
It is at this point where the journey takes another stop, as the author introduces concepts surrounding risk, COSO, control objectives, and control components. The journey then ventures in discussions of the relationships between internal controls and business processes, and their impacts on financial reporting data. The reader is then introduced to COBIT, with specific emphasis on a specific subset of COBIT for illustrative (and real life) reasons. The author does an excellent job of explaining COBIT and the challenges of implementation. There is an important emphasis made that is would be cost prohibitive to implement COBIT 100%. It would also be unrealistic. At this point of the journey, the author talks about the pain of SOX. It is here that the discussion moves onto what needs to happen for a company to be truly agile without compromising compliance. This culminates in discussions of how SOA can help facilitate agile compliance.
What I Like About the Book
There is a lot to like about this book. First and foremost, it is a comprehensive case study, putting real world examples on materials which are very dry in a vacuum. I also like the fact that the author is very frank in his discussions of the pluses and minuses of the topics. He is up-front in telling you that although he sells SOA Software and this is point of view, this is only one alternative solution. The key is that he sees a need to break down organizational silos.
What I Did Not Like About The Book
The book jacket talks about how this book is written by a Harvard MBA, and sometimes it comes across this way. Specifically, there were a few times where the author would throw in words which required a dictionary be close at hand. Yes, my vocabulary obviously has some limitations, but the content so be written as clearly and simply as possible. There is no reason to use a $10,000 word when a $1 word will do just as well. Another point is that although the author is clearly taking a view in line with Compliance Oriented Architectures proposed by Redmonk, the author does not address how SOA will not only benefit SOX compliance, but will also break down compliance silos as well.
Who Should Read This Book
Although this book is intended for general business readers, it should be considered a must read for anyone facing the challenges of SOX compliance at an architectural level. IT people may not get a firm grasp on the accounting issues, but this will help them along that path. For the business side of the house, it will clearly help them better understand the business path. Even people familiar with COBIT will get aditional insight from this book.
After all, compliance is a journey.
Scorecard
Eagle on a Long Par 5
Help other customers find the most helpful reviews
Was this review helpful to you? Yes
No
