if leave WS-* aside for a little and turn to SOA, would it be correct to say that the organizations, which worked out their SOX (and , possibly, Basel II in financial firms), have prepared the foundation for SOA in the form of their business process descriptions?
I guess, the organizations you know about did not have another task than just to discover their points of financial data processing risks. However, if such descriptions may be considered as business process definitions in some cases, it puts the organization into advanced positions for considering SOA for their ITs ( and it is not necessary to be based on WS-*). What would you say ?
- Michael
Phil Ayres <[EMAIL PROTECTED]> wrote:
Dennis,
My experience of SOX was based on how organizations have been trying to cope with it over the last couple of years (both inside the US and for large overseas companies) - let's meet the letter of the law and what our auditors tell us. This means that they focus on writing down what their business processes are that directly and indirectly affect their financial reports. In every company IT systems are expected to deeply impact financials, and because of this there has been a drive towards using out of the box software managed according to best practices under a framework like COBIT (some companies also look at ITIL for deeper IT management background).
From a financial internal control side, SOX has been about organizations writing down how their processes look now (often manual processes), and assessing them for errors or risk of failure. Quite a lot of remediation has been done to fix problems, but generally this has led to more manual controls and approval processes - and a lot more paper being printed and signed. Despite the hype, there is nothing in SOX that says anything about technology.
Some organizations are just getting to the point of taking some of their manual processes and automating them with BPM or simple workflow, and in 'advanced' cases this may involve integration with business systems. By doing this an organization can classify these processes as 'system' processes, pushing them back from routine manual operation, testing and auditing to more efficient IT management (which assumes that a well managed system produces the correct results and does not require routine testing).
I have written a little about these issues on my blog. This search shows the main posts: show posts
So in summary, I would be careful trying to push WS-* for SOX. Simplified documentation of processes and auditing is the way the CFO has seen SOX up 'til now. Improvement of business processes is the way it will become sustainable long term - this will require BPM and maybe SOA and associated technologies to make this happen. This post shows how I see companies will progress towards this over time - like CMM for internal controls. This agrees more with where consultants, SIs and companies like CA are going finally.
I hope this is useful.
Phil
Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small Business. __._,_.___
YAHOO! GROUPS LINKS
- Visit your group "service-orientated-architecture" on the web.
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
__,_._,___
