Wednesday, October 8, 2008

The Joy of SOX

Product Description

* The Sarbanes-Oxley Act (SOX) was passed in 2002 in response to a series of high-profile corporate scandals and requires that public companies implement internal controls over financial reporting, operations, and assets; these controls depend heavily on installing or improving information technology and business methods
* Written by one of the most visible personalities on the tech-biz side of the SOX discussion, this highly readable, engaging book provides a clear road map for integrating SOX compliance into the fabric of everyday IT infrastructure and business practice
* Shows the reader how to leverage service-oriented architecture (SOA), a set of technologies that enables interoperation of heterogeneous computer systems, to achieve the level of internal controls over IT that SOX mandates

Product Details

* Amazon Sales Rank: #439805 in Books
* Published on: 2006-04-03
* Original language: English
* Number of items: 1
* Binding: Paperback
* 312 pages

Editorial Reviews

Review
"an engaging and thought provoking book" (Information Age, December 2006)

From the Back Cover
"We choose to do [these] things, not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills."
—President John F. Kennedy, 1962

President Kennedy was speaking of going to the moon—a goal only slightly more ambitious, in the view of many corporate executives, than complying with the Sarbanes-Oxley Act. Hugh Taylor, corporate iconoclast par excellence, turns the prevailing view upside down as he illustrates how achieving full compliance with the spirit as well as the letter of SOX actually has the power to strengthen American business. As a catalyst for positive change, SOX challenges us to tighten operational control while maintaining strategic flexibility—not an easy task, but one that, once achieved, can bring out the best in corporate America.

In this refreshingly readable book, Taylor presents a powerful case for compliance, not because it's the law but because it creates an environment that ensures a well-run business with financial information that CEOs as well as investors can rely on. It demands a new level of management effectiveness that, by its very nature, benefits the bottom line.

SOX has the potential to help us do what we do better.

About the Author
Hugh Taylor is Vice President of Marketing at SOA Software, the leading provider of management and security solutions for enterprise service-oriented architecture. He is the co-author, with Eric Pulier, of Understanding Enterprise SOA (Manning, 2005). The author of more than a dozen articles and papers on the subject of web services and service-oriented architecture, Taylor is an authority on business process management, SOA, and compliance issues. Taylor received his B.A. degree, Magna Cum Laude, from Harvard College in 1988 and his M.B.A. degree from Harvard Business School in 1992. He lives in Los Angeles.

Customer Reviews

Joy of Sox (3 stars)
Well-written book, but too detailed about Sarbanes-Oxley. I was looking for something with more emphasis on Service Oriented Architecture, which is barely touched on in the book.

Little Joy in SOX, but Helpful Understanding (4 stars)
I make a living leading seminars discussing topics on software project estimation, requirements, and project management. It is not uncommon during one of these seminars to have a participant ask how the practice under discussion would impact or aid Sarbanes-Oxley compliance. What I wanted out of Hugh Taylor's book was a deeper understanding of SOX and some pointers I could give my students.

The Joy of SOX delivered on the first half of my quest. While not an accountant, Taylor did a good job explaining the key points of the act, focusing on section 404. I grew in my understanding of the role software systems play in acting as a "control" and the impact of changes to those systems. A simple definition of a "control" is that it is a device (practice, checkpoint, division of roles) inserted by a company to assist in the determent and detection of fraud.

Taylor, after painting a very bleak picture of what it means to comply with SOX (i.e. insert and maintain all the necessary controls), goes on to propose a solution that allows a company to react as necessary in business while keeping compliant. His solution: using a web-based Service-Oriented Architecture. For those who are not buzzword compliant, that means using non-proprietary methods over the internet to communicate between different computer systems. Most of the time today, companies have to pay software development professionals to write a proprietary method. That takes a lot of time.

It is on the second point of my quest that I felt a little let down. Being a software development person, the word "agile" has a lot of baggage with it. He uses the word to mean the fundamental fluidity of the business to engage in new business practices. We software people want to enable that, but we use the word for an approach to software development. The two don't quite mean the same thing. So when I got to his prescription, I was into an alphabet soup of software development acronyms that I have never quite liked, even being in the field. Perhaps his way would work, but I think the hype machine is still on over XML, SOAP, SOBA and the like. Hey, given the alternatives he paints in the first half of the book, it is probably worth considering.

So, who should read this book? Well, if you want a decent way of understanding what SOX means to a public business, then the first half is worth reading. The use of the case study makes it a little HBR-like, and I enjoyed that. If you are a software development professional like me, well, the first half is worth knowing and you can skim the second half. If you are a business professional, you had better know the first half. The second half? You can read it, but this is what my friends and I would call "beer discussion" topics. There is no "right" answer, only answers that are better given the situation. Maybe bring your favorite IT person along for the beer.

A useful overview (5 stars)
How can you resist a book with a title like "The Joy of SOX"? I liked the book - it was the first intelligible or helpful summary of Sarbanes-Oxley I have come across. Using an imaginary scenario it laid out both a plausible current state and accurately described the way in which business change might put the company's IT systems, and SOX compliance, at risk because they could not be changed quickly or accurately enough to respond. The book goes on to lay out how SOA is a key ingredient to building a profitable business that is also highly controlled and where processes are visible both to management and to regulators.

Most of the chapters are very readable, even some dealing with an alphabet soup of standards and standards bodies. A couple were heavier going and a few seemed like they needed to be longer - there was a certain amount of "and then magic occurs" that I am sure Hugh could have addressed in a longer book.

These complaints are, however, minor. For those of you interested in Sarbanes-Oxley or COBIT but not willing to wade through a lot of material, this book is a nice introduction.