Customer Reviews

Sarbanes-Oxley Guide for Finance and Information Technology Professionals

5 star:		(4)
4 star:		(0)
3 star:		(0)
2 star:		(1)
1 star:		(0)

 

 

This comprehensive guide provides a complete methodology for achieving Sarbanes-Oxley compliancy, namely the Sarbanes-Oxley Compliant Key Enterprise Technology (SOCKET) framework. The author is one of the world's leading regulatory compliance experts and Chairperson of the SOX Institute.

In terms of getting things done (and why it needs to be done) this is an excellent book. The SOCKET framework is laid out very clearly and you will find material and PowerPoint friendly bulleted lists covering every aspect of a SOX project (or, more accurately, a process).

Compared to the Manager's Guide to Compliance, the chapters constitute a more coherent narrative with more emphasis on organisational and IT issues. Compared to The Joy of SOX, it provides a generally more detailed coverage (but it is less entertaining). To give an example, the book contains a brilliant mapping between Sections of the Sarbanes-Oxley Act, business processes and affected technologies. Of course, it is not rocket science, but it is great value for money. For the IT professional, it goes beyond the presentation of the usual suspects COSO and COBIT by covering e.g. the ISO 1335 and 17799 standards.

Yet, despite the level of detail, the author manages to keep the momentum as he takes the reader through all the steps of a SOX compliance process in terms of the SOCKET framework. This implies that some important topics have been moved to the Appendices (that includes about 35 pages on COBIT 3 and 4).

One could wish for more examples and templates, but it is apparently easier said than done. (Another book from the same publisher that should provide templates, key processes, and checklists has been postponed until February 2007.) Apparently, Sanjay Anand is currently working on another book Essentials of Sarbanes-Oxley that will include "Tips and Techniques" and "In the Real World" features with realistic advice on compliance. At least until then, the Sarbanes-Oxley Guide is the book to buy.

Sarbanes-Oxley Guide for Finance and Information Technology Professionals (Hardcover)
by Sanjay Anand
ISBN: 0471785539

After the Enron fiasco a lot of IT as well as Finance Professionals wished for better federal securities laws. Well a lot of people were not careful about what they wished. The Sarbanes-Oxely Act of 2002 has answered just that wish. The main goal of the Sarbanes-Oxley Act is to protect investors and increase their confidence in the reporting of public companies.

This book takes the reader through the purpose and components of Internal Control and how to develop an Internal Control System.
Implementing SOX can be extremely daunting and the timelines, checklists and reporting and documentation gives a solid foundation to benchmark. The author goes over all the SOX related bodies and what they do in a very concise manner, which is good to know for the IT professionals. The book explains the need to maintain, store, retain and destroy relevant business records as prescribed under the law.

The author does a lot of handholding as he takes the reader through all the steps of the SOX compliance process.

The intended audience for this book is non technical i.e. finance professionals as well as technical IT professionals, and in my opinion the author pretty much nails it. The heavy duty jargon is either avoided or explained clearly which makes sense to the readers as one does not have to go figure what the words are about.

The author Sanjay Anand is one of the world's leading corporate governance, risk management, and regulatory compliance experts.

If you want to buy just one book which pretty much covers a lot of SOX ground, well this is it.

I give this book 5 stars on a scale of 5, 5 being the highest. I strongly recommend this book.
Niloufer Tamboly, CISSP

Of all the SOX Compliance books I've read, this one has definitely been the most useful. I appreciate the author's ability to communicate in IT and non-IT terms. The SOX Institute offers SOX training and a CSOX certification. I find myself frequently referring to the SOX Institute and this book for SOX knowledge. It's been an incredible source of information.

On a +ve note the book presents one view of the SOX Act that all senior persons involved in Corporate Governance should be aware of. IT Professional must be aware of this act, as it does impose stringent information requirements and controls on your systems deployed in the production environment. Recommend that you look at exhibit 11.1 (P108)/ exhibit 11.2 (P111) quite useful.

On a -ve note - After the first 100 pages (some what padded out) It was my opinion that Information Technology Professionals will not gain any true value from reading this book. However, as I continued I did find some useful snippets of useful information- However not enough for me to gain true value.

There are some good quotes in the book, but lacks the essence of the Systems view to which it aims targets in its title - certain parts of the book confused me e.g. Exhibit 1.1 (P27). In the monitoring section P56 - The author missed the opportunity to discuss the monitoring of internal systems messages within the enterprise. Exhibit 2.1 (P44) is repeated as Exhibit 6.1 (P76) with no real value added On P77 the Author states that XML, middleware , Java will be a success factor - This as a general statement is wrong. But hey thats my opinion ...

I have read a lot of material on Sarbanes-Oxley and compliance and I can honestly say that this is one of the best. This book helps professionals on any level or industry understand the important concepts of SOX. It is a must read...