Thursday, December 20, 2007

Sox (Sarbanes Oxley)

Today marks the end of a Sarbanes Oxley (Sox) project which has been consuming much of my time for months. My responsibility was getting the IT part of the company Sox compliant, and I'm pleased to say that after tying up a few loose ends the auditors gave us 100%. Considering that six months ago there was nothing in place, this leaves me feeling satisfied.

If there ever was something that cries out for tools like Lotus Notes or even SharePoint it is Sox. However, because of previous history and the consultants we were using, we ended up using the classic word doc, spreadsheet and email approach with a lot of cutting and pasting. This approach is very popular in many companies, but in reality is a very manual method. You often find it used for project management as well.

Spreadsheets track progress and summarize document content, and a significant part of the work consists of keeping them up to date. The core of Sox is developing policies and procedures (summarized in those spreadsheets), and then providing evidence that you are following your procedures. Fortunately most of these policies and procedures are well understood, but customizing them for a company involves emailing copies back and forth. Some of the documentation references other parts, and manually keeping this in sync is difficult to say the least. As I have said before, it is impossible to keep any non-trivial collection of documents in sync manually. And Sox certainly qualifies as a non-trivial document collection. Is it any wonder that mail stores grow so fast with this approach? What really puzzles me is why some companies use such manual and inefficient methods to manage a particular process.

Now consider doing this using a workflow-enabled tool like Notes or SharePoint. All the emailing of documents back and forth is no longer required. Audit trails show changes to documentation. And different views of those documents provide automatically updated summaries that replace the spreadsheets. Once you have such a system or tool in place, my gut feel is that you will cut the workload by about 50%.

Which leaves the question – why is the "cut & paste" method so popular amongst IT professionals? We talk so much about collaboration, but we don’t practice it. Maybe we need to read a book like Flawed Advice and the Management Trap and then take a good hard look in the mirror.
