Monday, May 11, 2015
MetaAutomation and Sarbanes-Oxley (SOX)
SOX is about accuracy and transparency in accounting and protection for investors in publicly-traded companies. The standards of SOX were enacted as US federal law in 2002.
Remember the collapse of Enron? SOX prevents that kind of thing.
It was such a great idea that it was subsequently imitated in many other countries around the world.
SOX Title III is on corporate responsibility, including the accuracy and validity of corporate financial reports. Section 302 (in Title III) mandates a set of “internal controls” which in turn have requirements for timeliness, accuracy and completeness of internal communications at a company about assets and operations.
SOX Title IV is on financial disclosures, and requires internal controls assuring accuracy and completeness. Section 404 focuses on risk assessment and disclosure of the effectiveness of a company’s internal controls.
At a software company, or a company that creates software as part of the business, these controls are part of the company’s information technology controls or IT controls.
MetaAutomation creates very strong stories for risk management through:
1. Complete, detailed and accurate assessments of software product quality, focused on business requirements of the system
2. Actionable quality events around regressions, found and delivered fast enough to prevent or quickly fix failures found by automated testing
3. A very detailed, searchable and presentable record of software quality that uniformly spans time and all the business behaviors of the product that are accessible to automated testing
The “…timeliness, accuracy and completeness of internal communications…” on quality issues of software development assets is assured with MetaAutomation, to a greater degree than possible with any kind of automation that only creates English-grammar flight-recorder logs. For developing software, on the quality side, Section 302 is covered!
For “…risk assessment and disclosure…” same thing. Visibility and interactivity with the quality data is very high. Section 404 is covered, too!
MetaAutomation reduces the cost of SOX compliance while improving corporate governance. Research has shown that this has a significant positive effect on company valuation (see this paper, and if you don't have access, it's easy and free to sign up.)
Quote from the paper: “The overall regression results are consistent with the view that SOX has a favourable long-term favourable impact.”
The adoption costs of MetaAutomation are not trivial, but improved company valuation is potentially quite significant.