By Hugh Taylor
Published by Wiley
Like the 1970s manual it puns, this may be a book locked in a moment of time: In recent months, the political winds in the US have shifted and a revision of the Sarbanes-Oxley Act’s most controversial corporate governance strictures – Section 404 – now seems probable. Yet, there is much to recommend this practical IT title.
The author’s basic premise is that business agility and compliance procedures are not only compatible – despite the obvious tensions – but that a carefully constructed control framework will benefit the business, helping business leaders to be surefooted in their responses to rapidly evolving markets. In that sense, whether SOX remains the predominant measurement of organisational compliance and financial control becomes irrelevant. There is much here that can be applied to any business.
As might be expected from an author who works for a vendor devoted to service-oriented architecture (Hugh Taylor is a VP at SOA Software), the solution to balancing business agility and financial controls is seen from an SOA perspective. But that is no bad thing: SOA is widely recognised as the basis of future software development, and most large organisations already have some form of SOA strategy in place.
However, where the book really excels is in its coverage of IT control frameworks, specifically the Control Objectives for Information and Related Technology (COBIT) framework. Here, the author provides a detailed and readable analysis of the need for such frameworks, the benefit of implementing one and, importantly, some of the practicalities of so doing.
In tackling the subject of compliance for the agile business, Taylor chooses to illustrate his thesis using a fictitious company; this proves to be a mixed blessing. On the positive side, he clearly knows his subject well, highlighting extremely sensitive – and controversial – practices, which may not have been possible when dealing with a ‘real life’ case study. The weakness of the approach is that the tales of corporate shenanigans sometimes seem too inventive for non-fiction.
Ultimately, The Joy of SOX may not quite live up to its promise of introducing something that “may be the best thing that ever happened to you”. But for those wanting a good understanding of the COBIT framework and how that can fit with an SOA strategy, this is an engaging and thought-provoking book.