
IT Braces for 'J-SOX' Rules

Posted by ScuttleMonkey
from the more-reasons-not-to-be-profitable dept.
jcatcw writes to mention that Japan-based businesses are prepping for new requirements, called J-SOX, similar to Sarbanes-Oxley in the United States. Even though details are not expected until next month, many IT managers are already working on implementing controls to handle the expected regulations. "Marios Damianides, an IT risk management consultant and partner at Ernst & Young LLP in New York, said he expects that the relaxation of some Sarbanes-Oxley requirements by the Public Company Accounting Oversight Board in the U.S. late last year should help ensure that the J-SOX rules won't be excessive for businesses."

  • by Anonymous Coward
    I've been working on compliance for J-SOX over the last six months or so - to be honest, the actual legal requirements are so vague and broad that almost any interpretation can be said to be "in compliance".
    The main thing that's come out of it is that we've had to document all procedures relating to the production systems - no more flying by the seat of your pants.
    • by qwijibo (101731) on Monday March 19, 2007 @01:18PM (#18403183)
      Is that any different than the US? Everything I've seen about Sarbox is so vague that anyone can claim compliance if they have paid consultants enough money. The large bank I work for has a bunch of people who try to ensure that we're doing everything by the book, while management considers violating all of the rules to be a sport. It's always fun to have a large group of people telling you that you can be fired for failing to do things right when your management lets you know that if you do things by the book, you'll fail to meet your goals and will be fired. It's a life sized Dilbert cartoon. =)
      • by wolja (449971)
        To be frank the only reason any company does more than pay lip service to the piece of crud laughingly known as Sarbanes-Oxley is that the CEO risks jail time if they can be shown to have made a false financial statement.

        All the money spent is purely to prevent that occurring.

        If the jail time was for lower level managers then you'd notice the level of spending on *compliance* would be way way less.
    • Re: (Score:2, Interesting)

      by boxless (35756)
      Yeah, I really think the vagueness is the worst part. Then it all comes down to what kind of company you work for, and what kind of IT department you have. If they are the controlling type, then the vagueness will lead them to slow things down to a crawl, all under the heading of compliance. It is an extremely frustrating thing to watch and participate in. Up is down. Black is white.

      If you have a more flexible group, then the vagueness might help.
    • Re: (Score:3, Interesting)

      The other side to the problem, bizarrely, is that it is too detailed. By which I mean, the financial guys didn't really have many rules for the IT department, and now they do.

      Which leads to your point i.e. Great, they've added a layer of detail by requiring IT to be "compliant", but it's so vague *within* that layer it's a nightmare.

      I've heard they might be talking about getting rid of the IT controls from SOX entirely and just letting companies get on with it.
  • by voice_of_all_reason (926702) on Monday March 19, 2007 @01:09PM (#18403087)
    Chisox, bosox, and now jsox?

    Screw this, I'm watching hockey.
  • by sczimme (603413) on Monday March 19, 2007 @01:15PM (#18403145)

    There is a J-SOX* FAQ here [protiviti.jp]. Note: this is a PDF. I have no affiliation w/ the company.

    * "J-SOX"? I suppose it makes sense, but sounds too much like "J-pop".

    • Which is fine since 99% of "normal people" have never heard of J-Pop, and I doubt that Japanese IT professionals call it J-SOX.
      • by Otter (3800)
        A friend of mine works for Mitsubishi (in the US), and says the whole company calls it J-SOX. No, makes no sense to me either.
        • Even funnier - in Japanese, Japan (the name of the country) has no J in it. It is Nihon.

          So they are adding the English first letter of their own country's name. What's wrong with N-SOX?
      • by sczimme (603413)

        Which is fine since 99% of "normal people" have never heard of J-Pop, and I doubt that Japanese IT professionals call it J-SOX.

        Read the linked PDF in my earlier post. You know, the one from the company with the .jp TLD: the standard is called J-SOX throughout the document, and is used to differentiate the Japan version from the US version (called US-SOX in the PDF).

  • Flashbacks (Score:2, Interesting)

    by techpawn (969834)
    I just remember filling out three forms to get applications into test for SOX. In to frigging TEST! *shivers and starts rocking* I'm SO glad I got out of that!
    I understand the need to track who did what and why and what the code is and all that jazz... But seriously, a year of my life was lost in that red tape...
  • by Duncan3 (10537) on Monday March 19, 2007 @01:27PM (#18403305) Homepage
    The reaction to SOX here in the US has been to take companies private, or list in London instead of New York. The costs of SOX alone are easily enough to force you out of business if your competitors aren't burdened with SOX.

    I'm kinda surprised that Japan would be similarly desperate to rid itself of publicly traded companies.

    • Re: (Score:3, Insightful)

      by geoffspear (692508)
      Yes, yes, we all noticed that the New York Stock Exchange and NASDAQ completely closed down; you don't have to remind us.
      • Re: (Score:3, Insightful)

        by Duncan3 (10537)
        The NYSE and NASDAQ heads are whining almost daily about how all the big IPO's are now in London. The IPO is where the US brokers get the chance to screw the company of millions or billions, and funnel it to their friends, so this is really hurting them badly.

        So yes, they are effectively shut out. No US company can seriously compete with China cooking the books as hard as they can even without SOX, SOX just adds to the pain by killing the cooks.

    • Thanks a bunch Enron! Fucking douchebags ruined it for everyone, and they got a slap on the wrist.

      Instead of implementing some much desired features and efficiencies in our systems, we had to jump through hoops ensuring that everything was 'audit ready'. Logs whenever data enters or leaves a system, documentation of all that, etc...

      We're already dealing with J-SOX...your god help me if Europe and Asia start the same crap.
    • I cannot comment on SarbOx in general. IANAL. I don't even play one on TV. But I can comment on the IT aspects.

      I've been through a supposed SarbOx implementation when, as a consultant, one of our clients got gobbled up by a huge company. They had a huge list of requirements, supposedly needed for SarbOx. One in particular stuck in my mind: Passwords had to change every 45 days. They blamed Congress for this whenever I objected.

      So I got a copy of the SarbOx legislation. The word "password" doesn't eve
  • To prepare I recommend this product:

    http://www.holisticwisdom.com/anal-eze.htm [holisticwisdom.com]

    and start off with small plugs before going for the full-bore SOX audit.
  • J-SOX is what they'll be calling that baseball team up in Boston if Daisuke Matsuzaka's "gyroball" has any success.
  • by Anonymous Coward
    Here is my personal experience with SOX, from a sales point of view.

    I can't take purchase orders that are not 100% perfectly filled out. It doesn't matter if I've been doing business with that company for 20 years and they all know me. The PO is now a LEGAL document (contract) and must be completed in full before my manufacturers will take the order. You know the criteria I am talking about -- FOB, terms, Delivery date, quoted item, a price, etc. Lots of times, with people you've been doing busines
  • J-SOX? Shouldn't that be SOX.NET ?

  • by Anonymous Coward
    I expect theirs will be more reliable, get better mileage.
  • by dominux (731134) on Monday March 19, 2007 @02:36PM (#18404207) Homepage
    for a Japanese company obviously. The thing you need to know is that the law itself is impenetrable in the US and Japan. Don't worry about it. Look for the document from COSO on internal controls (nasty - send this to the accounts department) and the COBIT framework (nice - keep this one in IT). COBIT is really really friendly and structured (34 chapters with loads of specific guidance on each), if you have been working with ISO 9000 and related things then you are going to like COBIT. COSO is woolly and unstructured, it sort of breaks down into 4 elements and J-SOX adds an extra one for IT controls, which as I understand it, probably just means that to do COSO you need to do COBIT.
    Just remember when they are handing out the responsibilities:
    COBIT = nice
    COSO = nasty
  • Capitalists convincing governments to pass these laws so that it looks like the governments are actually doing something about corporate corruption- while the 10% game (only the worst 10% of cases of business fraud ever get reported, let alone prosecuted) continues on.
  • The lessons learned from U.S. companies' Sarbanes-Oxley efforts will lead Japan's Financial Services Agency to "soften J-SOX [requirements] a little bit," said Damianides.

    Is he serious? If J-SOX works like America's SOX... they'll have the same crap results we have. You can pay one of the "big three" a mountain of cash to write up in creative ways that you comply. Done.
  • At my current client I have to show a screen print of what the change will look like on the production server, without making the change. So I have to alter the images from my test system to look like the production system to pass SOX review.
  • Co-worker was required to collect 400 SCREEN shots of a file before and after changes to the file and paste them into the SOX document.

    You see- a backup copy of the file wouldn't satisfy auditing requirements since "it might be changed".

    Of course bitmaps are so much harder to change than a backup copy on a lockbox system.

    INSANE INSANE INSANE.

    I'm so glad I don't develop now. My job is doing these processes and helping the developers focus on the work now. I'm happy- they are universally happier. I used to
  • Working as sys admin for an American company, I have had enough exposure to Sarbanes-Oxley to last me a while.

    While I fully understand and sympathise with the need to ensure that companies don't lie as much as they would like (we should do something for politicians and lawyers too, eh?), in some cases it is taken to ridiculous extremes. In my company we now have to submit all new hostnames to a security commission - these are hostnames that are allocated on an internal DNS server. Why is that? I don't understa
