<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_12_01_1957200</id>
	<title>SarBox Lawsuit Could Rewrite IT Compliance Rules</title>
	<author>kdawson</author>
	<datestamp>1259657100000</datestamp>
	<htmltext>dasButcher notes that the Supreme Court will hear arguments next week brought by a Nevada accounting firm that asserts the oversight board for the Sarbanes-Oxley Act is unconstitutional. If the plaintiffs are successful, it could <a href="http://blogs.channelinsider.com/secure\_channel/content/governance\_and\_regulatory\_compliance/an\_end\_to\_sarbanes-oxley.html">force Congress to rewrite or abandon the law</a> used by many companies to validate tech investments for security and compliance. <i>"Many auditing firms have used [Sarbanes-Oxley Section] 404 as a lever for imposing stringent security technology requirements on publicly traded companies regulated by SOX and their business partners. SOX security compliance has proven effective for vendors and solution providers, as it forces regulated enterprises to spend billions of dollars on technology that, many times, doesn&rsquo;t prevent security incidents but does make them compliant with the law."</i></htmltext>
<tokenext>dasButcher notes that the Supreme Court will hear arguments next week brought by a Nevada accounting firm that asserts the oversight board for the Sarbanes-Oxley Act is unconstitutional .
If the plaintiffs are successful , it could force Congress to rewrite or abandon the law used by many companies to validate tech investments for security and compliance .
" Many auditing firms have used [ Sarbanes-Oxley Section ] 404 as a lever for imposing stringent security technology requirements on publicly traded companies regulated by SOX and their business partners .
SOX security compliance has proven effective for vendors and solution providers , as it forces regulated enterprises to spend billions of dollars on technology that , many times , doesn    t prevent security incidents but does make them compliant with the law .
"</tokentext>
<sentencetext>dasButcher notes that the Supreme Court will hear arguments next week brought by a Nevada accounting firm that asserts the oversight board for the Sarbanes-Oxley Act is unconstitutional.
If the plaintiffs are successful, it could force Congress to rewrite or abandon the law used by many companies to validate tech investments for security and compliance.
"Many auditing firms have used [Sarbanes-Oxley Section] 404 as a lever for imposing stringent security technology requirements on publicly traded companies regulated by SOX and their business partners.
SOX security compliance has proven effective for vendors and solution providers, as it forces regulated enterprises to spend billions of dollars on technology that, many times, doesn’t prevent security incidents but does make them compliant with the law.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288988</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>Anonymous</author>
	<datestamp>1259662440000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>I've worked in companies where SOX was used to make processes more stringent and intelligent.  And I work in a company where SOX has allowed the accounting/finance department to dictate all manner of corporate and IT policy.  In order to survive SOX, companies need keen leadership -- one that will prevent the sort of "SOX run amok" mentality and provide solid guidance to the company as a whole.</htmltext>
<tokenext>I 've worked in companies where SOX was used to make processes more stringent and intelligent .
And I work in a company where SOX has allowed the accounting/finance department to dictate all manner of corporate and IT policy .
In order to survive SOX , companies need keen leadership -- one that will prevent the sort of " SOX run amok " mentality and provide solid guidance to the company as a whole .</tokentext>
<sentencetext>I've worked in companies where SOX was used to make processes more stringent and intelligent.
And I work in a company where SOX has allowed the accounting/finance department to dictate all manner of corporate and IT policy.
In order to survive SOX, companies need keen leadership -- one that will prevent the sort of "SOX run amok" mentality and provide solid guidance to the company as a whole.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289440</id>
	<title>It's not a kind of box</title>
	<author>jfengel</author>
	<datestamp>1259664600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Nitpicky, I know, but the title of the Slashdot article (not the underlying article) uses "SarBox", as if it were some brand name for a kind of box.</p><p>It's the "Sarbanes-Oxley" Act, sometimes "Sarbox" or "SARBOX" (for those who feel compelled to treat every new word they don't know as an initialism) but "SarBox" is right out.</p><p>"SOx" or "SOX" are much more common.</p></htmltext>
<tokenext>Nitpicky , I know , but the title of the Slashdot article ( not the underlying article ) uses " SarBox " , as if it were some brand name for a kind of box.It 's the " Sarbanes-Oxley " Act , sometimes " Sarbox " or " SARBOX " ( for those who feel compelled to treat every new word they do n't know as an initialism ) but " SarBox " is right out .
" SOx " or " SOX " are much more common .</tokentext>
<sentencetext>Nitpicky, I know, but the title of the Slashdot article (not the underlying article) uses "SarBox", as if it were some brand name for a kind of box.It's the "Sarbanes-Oxley" Act, sometimes "Sarbox" or "SARBOX" (for those who feel compelled to treat every new word they don't know as an initialism) but "SarBox" is right out.
"SOx" or "SOX" are much more common.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289832</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>pauls2272</author>
	<datestamp>1259666160000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>&gt;I have worked for large companies in the past, and SOX is seriously undermining the ability to make changes, &gt;or indeed for rational process to take place in the daily operation of IT.</p><p>Absolutely agree.  Although the smart companies are now just giving SOX lip service and ignoring it pretty much entirely.    The company I work for now, has all kinds of memos issued saying they support SOX, hotlines, etc but it doesn&rsquo;t impact real work.</p><p>When SOX hit, the company I worked at, the Accounting dept came out with the required SOX doc and it was non negotiable.  They had worked with an auditor that knew nothing of IT and it showed.  I had to attend a week long class on how to fill out the dozens of new SOX forms (all manual paper forms) that were to be kept in notebooks!</p><p>
&nbsp; &nbsp; I was told that ALL CHANGES had to go on the CEO change calendar and that we would become very familiar with the assistant that scheduled the CEO change meetings.    All changes had to have the 10 pounds of forms and 10+ signatures before you could implement.  There also had to be &ldquo;separation of duty&rdquo; which meant if you were making the change, someone else had to implement it  I said &ldquo;great, your gonna hire another IT group &ndash; one to implement and another to install and test&rdquo;.  Of course, they never did this and this &ldquo;separation of duty&rdquo; was never followed.</p><p>It was COMPLETE AND TOTAL NONSENSE designed by people who had no clue what they were doing or what the real world was like.  Yeah, I need to put a hotfix on a server to fix a problem &ndash; I&rsquo;m gonna wait 2-3 months to get on the CEO change calendar and have a meeting with the CEO  But trying to talk to the accounting morons was useless &ndash; they insisted every change had to follow their written in stone procedure</p><p>After a few weeks of complaining, the process was &ldquo;refined&rdquo; by having Small, Medium and Large changes and Large changes were only the changes had to go thru the above process.  The difference being the number of &ldquo;elements&rdquo; in the change &ndash; but &ldquo;element&rdquo; wasn&rsquo;t defined by the accounting/auditing people.  The solution became that all IT changes were SMALL since there was only 1 datacenter so 1 element changing!</p><p>The fact is that SOX was doomed to fail because you can&rsquo;t impose rigorous rules on US companies if foreign companies don&rsquo;t have to follow the same rules &ndash; it is a Global world out there and adding huge overhead to your domestic companies just mean more outsourcing and more domestic bankruptcies as they can&rsquo;t compete with slimmer/trimmer overseas companies.</p></htmltext>
<tokenext>&gt; I have worked for large companies in the past , and SOX is seriously undermining the ability to make changes , &gt; or indeed for rational process to take place in the daily operation of IT.Absolutely agree .
Although the smart companies are now just giving SOX lip service and ignoring it pretty much entirely .
The company I work for now , has all kinds of memos issued saying they support SOX , hotlines , etc but it doesn    t impact real work.When SOX hit , the company I worked at , the Accounting dept came out with the required SOX doc and it was non negotiable .
They had worked with an auditor that knew nothing of IT and it showed .
I had to attend a week long class on how to fill out the dozens of new SOX forms ( all manual paper forms ) that were to be kept in notebooks !
    I was told that ALL CHANGES had to go on the CEO change calendar and that we would become very familiar with the assistant that scheduled the CEO change meetings .
All changes had to have the 10 pounds of forms and 10 + signatures before you could implement .
There also had to be    separation of duty    which meant if you were making the change , someone else had to implement it I said    great , your gon na hire another IT group    one to implement and another to install and test    .
Of course , they never did this and this    separation of duty    was never followed.It was COMPLETE AND TOTAL NONSENSE designed by people who had no clue what they were doing or what the real world was like .
Yeah , I need to put a hotfix on a server to fix a problem    I    m gon na wait 2-3 months to get on the CEO change calendar and have a meeting with the CEO But trying to talk to the accounting morons was useless    they insisted every change had to follow their written in stone procedureAfter a few weeks of complaining , the process was    refined    by having Small , Medium and Large changes and Large changes were only the changes had to go thru the above process .
The difference being the number of    elements    in the change    but    element    wasn    t defined by the accounting/auditing people .
The solution became that all IT changes were SMALL since there was only 1 datacenter so 1 element changing ! The fact is that SOX was doomed to fail because you can    t impose rigorous rules on US companies if foreign companies don    t have to follow the same rules    it is a Global world out there and adding huge overhead to your domestic companies just mean more outsourcing and more domestic bankruptcies as they can    t compete with slimmer/trimmer overseas companies .</tokentext>
<sentencetext>&gt;I have worked for large companies in the past, and SOX is seriously undermining the ability to make changes, &gt;or indeed for rational process to take place in the daily operation of IT.Absolutely agree.
Although the smart companies are now just giving SOX lip service and ignoring it pretty much entirely.
The company I work for now, has all kinds of memos issued saying they support SOX, hotlines, etc but it doesn’t impact real work.When SOX hit, the company I worked at, the Accounting dept came out with the required SOX doc and it was non negotiable.
They had worked with an auditor that knew nothing of IT and it showed.
I had to attend a week long class on how to fill out the dozens of new SOX forms (all manual paper forms) that were to be kept in notebooks!
    I was told that ALL CHANGES had to go on the CEO change calendar and that we would become very familiar with the assistant that scheduled the CEO change meetings.
All changes had to have the 10 pounds of forms and 10+ signatures before you could implement.
There also had to be “separation of duty” which meant if you were making the change, someone else had to implement it  I said “great, your gonna hire another IT group – one to implement and another to install and test”.
Of course, they never did this and this “separation of duty” was never followed.It was COMPLETE AND TOTAL NONSENSE designed by people who had no clue what they were doing or what the real world was like.
Yeah, I need to put a hotfix on a server to fix a problem – I’m gonna wait 2-3 months to get on the CEO change calendar and have a meeting with the CEO  But trying to talk to the accounting morons was useless – they insisted every change had to follow their written in stone procedureAfter a few weeks of complaining, the process was “refined” by having Small, Medium and Large changes and Large changes were only the changes had to go thru the above process.
The difference being the number of “elements” in the change – but “element” wasn’t defined by the accounting/auditing people.
The solution became that all IT changes were SMALL since there was only 1 datacenter so 1 element changing!The fact is that SOX was doomed to fail because you can’t impose rigorous rules on US companies if foreign companies don’t have to follow the same rules – it is a Global world out there and adding huge overhead to your domestic companies just mean more outsourcing and more domestic bankruptcies as they can’t compete with slimmer/trimmer overseas companies.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289266</id>
	<title>Re:SarBox?</title>
	<author>stefanlasiewski</author>
	<datestamp>1259663880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>No no no, you have it all wrong. You didn't need to go through all that effort, and all that detail.</p><p>All I meant was that I wanted to monitor a Unix box using <a href="http://en.wikipedia.org/wiki/Sar\_in\_UNIX" title="wikipedia.org">Sar</a> [wikipedia.org].</p><p>That should have been easy, and I guess it's my fault for not being clear. But look at all this paperwork you generated... wow you guys sure did work hard didn't you. Sorry for the misunderstanding...</p></htmltext>
<tokenext>No no no , you have it all wrong .
You did n't need to go through all that effort , and all that detail.All I meant was that I wanted to monitor a Unix box using Sar [ wikipedia.org ] .That should have been easy , and I guess it 's my fault for not being clear .
But look at all this paperwork you generated... wow you guys sure did work hard did n't you .
Sorry for the misunderstanding.. .</tokentext>
<sentencetext>No no no, you have it all wrong.
You didn't need to go through all that effort, and all that detail.All I meant was that I wanted to monitor a Unix box using Sar [wikipedia.org].That should have been easy, and I guess it's my fault for not being clear.
But look at all this paperwork you generated... wow you guys sure did work hard didn't you.
Sorry for the misunderstanding...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288772</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288590</id>
	<title>Fuck you government niggers</title>
	<author>Anonymous</author>
	<datestamp>1259660880000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>every last one of you kike zionist jew fags.</p></htmltext>
<tokenext>every last one of you kike zionist jew fags .</tokentext>
<sentencetext>every last one of you kike zionist jew fags.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289180</id>
	<title>Re:Budgest re-adjustment...</title>
	<author>guruevi</author>
	<datestamp>1259663460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Or they'll be able to invest that money somewhere else and become a better business. The things SOX 'protects' against are 1) outdated and 2) remotely plausible which doesn't actually protect anything. So business will still not protect anything however they won't have to invest in lawyers and consultants to implement rules that only bother the sysadmins and general productivity.</p></htmltext>
<tokenext>Or they 'll be able to invest that money somewhere else and become a better business .
The things SOX 'protects ' against are 1 ) outdated and 2 ) remotely plausible which does n't actually protect anything .
So business will still not protect anything however they wo n't have to invest in lawyers and consultants to implement rules that only bother the sysadmins and general productivity .</tokentext>
<sentencetext>Or they'll be able to invest that money somewhere else and become a better business.
The things SOX 'protects' against are 1) outdated and 2) remotely plausible which doesn't actually protect anything.
So business will still not protect anything however they won't have to invest in lawyers and consultants to implement rules that only bother the sysadmins and general productivity.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288592</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288926</id>
	<title>Re:Rule #1 of government....</title>
	<author>Anonymous</author>
	<datestamp>1259662140000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>A comment critical of government that isn't +5?
<br> <br>
This is Slashdot I'm reading right?</htmltext>
<tokenext>A comment critical of government that is n't + 5 ?
This is Slashdot I 'm reading right ?</tokentext>
<sentencetext>A comment critical of government that isn't +5?
This is Slashdot I'm reading right?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288664</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288634</id>
	<title>SarBox is always the excuse</title>
	<author>Anonymous</author>
	<datestamp>1259661000000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>How about rewriting the law so that every request to my IT department doesn't result in "This functionality would break SarBox compliance", regardless of how related to SarBox the request actually is?</htmltext>
<tokenext>How about rewriting the law so that every request to my IT department does n't result in " This functionality would break SarBox compliance " , regardless of how related to SarBox the request actually is ?</tokentext>
<sentencetext>How about rewriting the law so that every request to my IT department doesn't result in "This functionality would break SarBox compliance", regardless of how related to SarBox the request actually is?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880</id>
	<title>SOX is choking our companies, kill it.</title>
	<author>SuperKendall</author>
	<datestamp>1259661960000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>I have worked for large companies in the past, and SOX is seriously undermining the ability to make changes, or indeed for rational process to take place in the daily operation of IT.</p><p>SOX was meant to prevent another ENRON, but those things will happen regardless of rules - look at the collapse of organizations like FannieMae, well after SOX was in place.  Instead we are harming all large businesses just to prevent a one-off case that we are not really preventing anyway!</p><p>Kill SOX and let companies get back to what they do best, instead of spending a lot of time simply deciding what compliance means and using the rules to build (even more) fiefdoms within giant companies.</p></htmltext>
<tokenext>I have worked for large companies in the past , and SOX is seriously undermining the ability to make changes , or indeed for rational process to take place in the daily operation of IT.SOX was meant to prevent another ENRON , but those things will happen regardless of rules - look at the collapse of organizations like FannieMae , well after SOX was in place .
Instead we are harming all large businesses just to prevent a one-off case that we are not really preventing anyway ! Kill SOX and let companies get back to what they do best , instead of spending a lot of time simply deciding what compliance means and using the rules to build ( even more ) fiefdoms within giant companies .</tokentext>
<sentencetext>I have worked for large companies in the past, and SOX is seriously undermining the ability to make changes, or indeed for rational process to take place in the daily operation of IT.SOX was meant to prevent another ENRON, but those things will happen regardless of rules - look at the collapse of organizations like FannieMae, well after SOX was in place.
Instead we are harming all large businesses just to prevent a one-off case that we are not really preventing anyway!Kill SOX and let companies get back to what they do best, instead of spending a lot of time simply deciding what compliance means and using the rules to build (even more) fiefdoms within giant companies.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30291066</id>
	<title>Re:SOX and IT is Poorly Understood</title>
	<author>Anonymous</author>
	<datestamp>1259671740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Yes, pretty much the entire point of SOX is to prevent the CEO from claiming</p><p>1) I never saw any documents regarding X and I'm a clueless fucktard who does very important things for my company but I have no idea what those things are or what my company does.<br>2) Yes, I signed a document, but I clearly recall the document I signed was regarding the rescue of cute fluffy kittens from trees.  Clearly some evil hacker altered the document to make it appear that I endorsed X without my knowledge.<br>3) No, we don't have an income stream from X and the auditor has the complete financial record of our company.</p><p>SOX has absolutely nothing to do with actual security, except where failure of that security may allow scenario #2 to happen.</p></htmltext>
<tokenext>Yes , pretty much the entire point of SOX is to prevent the CEO from claiming1 ) I never saw any documents regarding X and I 'm a clueless fucktard who does very important things for my company but I have no idea what those things are or what my company does.2 ) Yes , I signed a document , but I clearly recall the document I signed was regarding the rescue of cute fluffy kittens from trees .
Clearly some evil hacker altered the document to make it appear that I endorsed X without my knowledge.3 ) No , we do n't have an income stream from X and the auditor has the complete financial record of our company.SOX has absolutely nothing to do with actual security , except where failure of that security may allow scenario # 2 to happen .</tokentext>
<sentencetext>Yes, pretty much the entire point of SOX is to prevent the CEO from claiming1) I never saw any documents regarding X and I'm a clueless fucktard who does very important things for my company but I have no idea what those things are or what my company does.2) Yes, I signed a document, but I clearly recall the document I signed was regarding the rescue of cute fluffy kittens from trees.
Clearly some evil hacker altered the document to make it appear that I endorsed X without my knowledge.3) No, we don't have an income stream from X and the auditor has the complete financial record of our company.SOX has absolutely nothing to do with actual security, except where failure of that security may allow scenario #2 to happen.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289936</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290134</id>
	<title>Re:SarBox is always the excuse</title>
	<author>mujadaddy</author>
	<datestamp>1259667420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>How about rewriting the law so that every request to my IT department <b>does</b> result in "This functionality would break SarBox compliance", regardless of how related to SarBox the request actually is?</p></div><p>T,FTFY</p></div>
	</htmltext>
<tokenext>How about rewriting the law so that every request to my IT department does result in " This functionality would break SarBox compliance " , regardless of how related to SarBox the request actually is ? T,FTFY</tokentext>
<sentencetext>How about rewriting the law so that every request to my IT department does result in "This functionality would break SarBox compliance", regardless of how related to SarBox the request actually is?T,FTFY
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288634</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288984</id>
	<title>Re:not found</title>
	<author>Rudeboy777</author>
	<datestamp>1259662440000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext><tt>SOX 404 - Usefulness not found</tt></htmltext>
<tokenext>SOX 404 - Usefulness not found</tokentext>
<sentencetext>SOX 404 - Usefulness not found</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288564</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289476</id>
	<title>SarBox?</title>
	<author>Lord Ender</author>
	<datestamp>1259664720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Who refers to Sarbanes Oxley asn SarBox? I've only ever heard of it as "SOX." I can't imagine why the "b" would be stressed, anyway.</p><p>I know this is the internet, but we really shouldn't just go around inventing acronyms for headlines.</p></htmltext>
<tokenext>Who refers to Sarbanes Oxley asn SarBox ?
I 've only ever heard of it as " SOX .
" I ca n't imagine why the " b " would be stressed , anyway.I know this is the internet , but we really should n't just go around inventing acronyms for headlines .</tokentext>
<sentencetext>Who refers to Sarbanes Oxley asn SarBox?
I've only ever heard of it as "SOX.
" I can't imagine why the "b" would be stressed, anyway.I know this is the internet, but we really shouldn't just go around inventing acronyms for headlines.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30299590</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>alcourt</author>
	<datestamp>1259607000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Actually, what is needed is a clueful audit response department.  This department would be able to classify systems as SOX impacted or not depending on if they process data that is relevant to SOX.  Then, you make sure you have a reasonably effective security policy and follow it.</p><p>It seems a lot of companies have a problem with writing a security policy that is reasonably effective.  Many firms I've seen seem to do the "wink system", where they write a ridiculous policy that is impossible to follow in reality, then wonder why the auditors hold them to that policy as audit findings.</p><p>Others write policies that don't even pretend to cover basic security.  The model at some of those firms seems to be "What developer wants, gets."  Developer wants unrestricted permanent root on the prod box?  They get it.  Developer wants direct login to shared accounts as a part of the application?  They get it, and no one dares tell them no.</p><p>A lot of what I've seen as very effective in audits is to provide for a strong audit trail of who did what.  There are multiple ways to do that.  Have a process in place to detect errors, and a check to ensure that process is being followed.  Ensure that no one person can do something malicious and erase all evidence of it.</p><p>Disclaimer, part of my job is audit response on SOX and PCI and other audits, preparing servers for the audit, ensuring compliance outside the audit, etc.</p></htmltext>
<tokenext>Actually , what is needed is a clueful audit response department .
This department would be able to classify systems as SOX impacted or not depending on if they process data that is relevant to SOX .
Then , you make sure you have a reasonably effective security policy and follow it.It seems a lot of companies have a problem with writing a security policy that is reasonably effective .
Many firms I 've seen seem to do the " wink system " , where they write a ridiculous policy that is impossible to follow in reality , then wonder why the auditors hold them to that policy as audit findings.Others write policies that do n't even pretend to cover basic security .
The model at some of those firms seems to be " What developer wants , gets .
" Developer wants unrestricted permanent root on the prod box ?
They get it .
Developer wants direct login to shared accounts as a part of the application ?
They get it , and no one dares tell them no.A lot of what I 've seen as very effective in audits is to provide for a strong audit trail of who did what .
There are multiple ways to do that .
Have a process in place to detect errors , and a check to ensure that process is being followed .
Ensure that no one person can do something malicious and erase all evidence of it.Disclaimer , part of my job is audit response on SOX and PCI and other audits , preparing servers for the audit , ensuring compliance outside the audit , etc .</tokentext>
<sentencetext>Actually, what is needed is a clueful audit response department.
This department would be able to classify systems as SOX impacted or not depending on if they process data that is relevant to SOX.
Then, you make sure you have a reasonably effective security policy and follow it.It seems a lot of companies have a problem with writing a security policy that is reasonably effective.
Many firms I've seen seem to do the "wink system", where they write a ridiculous policy that is impossible to follow in reality, then wonder why the auditors hold them to that policy as audit findings.Others write policies that don't even pretend to cover basic security.
The model at some of those firms seems to be "What developer wants, gets.
"  Developer wants unrestricted permanent root on the prod box?
They get it.
Developer wants direct login to shared accounts as a part of the application?
They get it, and no one dares tell them no.A lot of what I've seen as very effective in audits is to provide for a strong audit trail of who did what.
There are multiple ways to do that.
Have a process in place to detect errors, and a check to ensure that process is being followed.
Ensure that no one person can do something malicious and erase all evidence of it.Disclaimer, part of my job is audit response on SOX and PCI and other audits, preparing servers for the audit, ensuring compliance outside the audit, etc.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288988</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290252</id>
	<title>fuC4?</title>
	<author>Anonymous</author>
	<datestamp>1259667960000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext>serves to reinfo8ce session and join in any parting shot,</htmltext>
<tokenext>serves to reinfo8ce session and join in any parting shot,</tokentext>
<sentencetext>serves to reinfo8ce session and join in any parting shot,</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289278</id>
	<title>Re:Rule #1 of government....</title>
	<author>megamerican</author>
	<datestamp>1259663880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Wrong.</p><p>The primary function of government is to pretend to fail.</p><p>That way they get more money and power to correct the failure. If the purpose was to "fail" then it is no longer a failure and should be considered an accomplishment.</p><p>Anytime you hear "failure of..." anything involved with government replace it with accomplishment.</p></htmltext>
<tokenext>Wrong.The primary function of government is to pretend to fail.That way they get more money and power to correct the failure .
If the purpose was to " fail " then it is no longer a failure and should be considered an accomplishment.Anytime you hear " failure of... " anything involved with government replace it with accomplishment .</tokentext>
<sentencetext>Wrong.The primary function of government is to pretend to fail.That way they get more money and power to correct the failure.
If the purpose was to "fail" then it is no longer a failure and should be considered an accomplishment.Anytime you hear "failure of..." anything involved with government replace it with accomplishment.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288664</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289604</id>
	<title>Re:Silver Lining.</title>
	<author>http</author>
	<datestamp>1259665200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>And what, pray tell, is "PD" in this lingo you're using?</htmltext>
<tokenext>And what , pray tell , is " PD " in this lingo you 're using ?</tokentext>
<sentencetext>And what, pray tell, is "PD" in this lingo you're using?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288932</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290762</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>Anonymous</author>
	<datestamp>1259670360000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p>I have worked for large companies in the past, and SOX is seriously undermining the ability to make changes, or indeed for rational process to take place in the daily operation of IT.</p></div><p>It's doing no such thing. People may be using it as an excuse to build an empire or do stupid things, but that's not the fault of SOX. I worked for a *VERY* large financial company (the overall IT budget, across all branches, businesses, etc, was measured in the *billions* of dollars), and not once were we stopped from doing anything because of SOX. Not once was it even an issue, either.</p><p>Put the blame where it belongs, on stupid people. Then fire them.</p></div>
	</htmltext>
<tokenext>I have worked for large companies in the past , and SOX is seriously undermining the ability to make changes , or indeed for rational process to take place in the daily operation of IT.It 's doing no such thing .
People may be using it as an excuse to build an empire or do stupid things , but that 's not the fault of SOX .
I worked for a * VERY * large financial company ( the overall IT budget , across all branches , businesses , etc , was measured in the * billions * of dollars ) , and not once were we stopped from doing anything because of SOX .
Not once was it even an issue , either.Put the blame where it belongs , on stupid people .
Then fire them .</tokentext>
<sentencetext>I have worked for large companies in the past, and SOX is seriously undermining the ability to make changes, or indeed for rational process to take place in the daily operation of IT.It's doing no such thing.
People may be using it as an excuse to build an empire or do stupid things, but that's not the fault of SOX.
I worked for a *VERY* large financial company (the overall IT budget, across all branches, businesses, etc, was measured in the *billions* of dollars), and not once were we stopped from doing anything because of SOX.
Not once was it even an issue, either.Put the blame where it belongs, on stupid people.
Then fire them.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288996</id>
	<title>Re:SarBox?</title>
	<author>Anonymous</author>
	<datestamp>1259662500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>"SarBox" is frequently used in marketing publications.</p><p>At a previous job I had a marketing idiot come up to me and ask about our compliance. He kept using that term, and I had no idea what he meant at first.</p><p>But like you mentioned, most auditors, techs and engineers prefer "SOX".</p></htmltext>
<tokenext>" SarBox " is frequently used in marketing publications.At a previous job I had a marketing idiot come up to me and ask about our compliance .
He kept using that term , and I had no idea what he meant at first.But like you mentioned , most auditors , techs and engineers prefer " SOX " .</tokentext>
<sentencetext>"SarBox" is frequently used in marketing publications.At a previous job I had a marketing idiot come up to me and ask about our compliance.
He kept using that term, and I had no idea what he meant at first.But like you mentioned, most auditors, techs and engineers prefer "SOX".</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288772</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288564</id>
	<title>not found</title>
	<author>Anonymous</author>
	<datestamp>1259660820000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext>I tried to look up this 404 thing, but I couldn't find it anywhere.</htmltext>
<tokenext>I tried to look up this 404 thing , but I could n't find it anywhere .</tokentext>
<sentencetext>I tried to look up this 404 thing, but I couldn't find it anywhere.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30298016</id>
	<title>Re:SarBox?</title>
	<author>Anonymous</author>
	<datestamp>1259600160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Posted by kdawson, obviously.</p></htmltext>
<tokenext>Posted by kdawson , obviously .</tokentext>
<sentencetext>Posted by kdawson, obviously.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288772</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30292904</id>
	<title>Re:SarBox?</title>
	<author>Bigjeff5</author>
	<datestamp>1259683260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>But I like SarBox...</p></htmltext>
<tokenext>But I like SarBox.. .</tokentext>
<sentencetext>But I like SarBox...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288772</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30292194</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>techno-vampire</author>
	<datestamp>1259678040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><i>I was told that ALL CHANGES had to go on the CEO change calendar and that we would become very familiar with the assistant that scheduled the CEO change meetings.</i> <p>
Sounds to me like somebody in your company has a micro-management fetish.  BTDTGTTS.  You have my sympathy!</p></htmltext>
<tokenext>I was told that ALL CHANGES had to go on the CEO change calendar and that we would become very familiar with the assistant that scheduled the CEO change meetings .
Sounds to me like somebody in your company has a micro-management fetish .
BTDTGTTS. You have my sympathy !</tokentext>
<sentencetext>I was told that ALL CHANGES had to go on the CEO change calendar and that we would become very familiar with the assistant that scheduled the CEO change meetings.
Sounds to me like somebody in your company has a micro-management fetish.
BTDTGTTS.  You have my sympathy!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289832</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30292376</id>
	<title>Re:Budgest re-adjustment...</title>
	<author>turbidostato</author>
	<datestamp>1259679180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>"Well at least now they'll spend all that money on making sure things are actually secure!"</p><p>Why, oh why!!!???</p><p>No sir: they'll spend all that money on making sure they earn even *more* money.  What else?</p></htmltext>
<tokenext>" Well at least now they 'll spend all that money on making sure things are actually secure !
" Why , oh why ! ! ! ? ?
? No sir : they 'll spend all that money on making sure they earn even * more * money .
What else ?</tokentext>
<sentencetext>"Well at least now they'll spend all that money on making sure things are actually secure!
"Why, oh why!!!??
?No sir: they'll spend all that money on making sure they earn even *more* money.
What else?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288592</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289384</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>Zalbik</author>
	<datestamp>1259664360000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><blockquote><div><p>SOX was meant to prevent another ENRON, but those things will happen regardless of rules - look at the collapse of organizations like FannieMae, well after SOX was in place.</p></div></blockquote><p>Huh?  Do you even have a clue what caused the collapse of Enron vs. what caused the collapse of Fannie Mae?</p><p>To use the mandatory car analogy, your argument is something like:<br>I put winter tires on my car, but then I was t-boned at an intersection when I ran a red light.  See, winter tires don't help prevent accidents!</p><p>The two scenarios were completely different.  Most of what SOX requires for IT should fall under good IT practice anyways.  It basically requires controls to be implemented on financial systems in order to prevent fraudulent changes to financial data.</p><p>Now I realize people at some corporations have used SOX as a big bat to force in their own pet IT projects.  Or as a way of preventing any IT changes that they don't agree with, but that isn't the fault of SOX.</p><p>If people are building personal fiefdom's within corporations, they'll do so with or without some legislation to use as an excuse.</p></div>
	</htmltext>
<tokenext>SOX was meant to prevent another ENRON , but those things will happen regardless of rules - look at the collapse of organizations like FannieMae , well after SOX was in place.Huh ?
Do you even have a clue what caused the collapse of Enron vs. what caused the collapse of Fannie Mae ? To use the mandatory car analogy , your argument is something like : I put winter tires on my car , but then I was t-boned at an intersection when I ran a red light .
See , winter tires do n't help prevent accidents ! The two scenarios were completely different .
Most of what SOX requires for IT should fall under good IT practice anyways .
It basically requires controls to be implemented on financial systems in order to prevent fraudulent changes to financial data.Now I realize people at some corporations have used SOX as a big bat to force in their own pet IT projects .
Or as a way of preventing any IT changes that they do n't agree with , but that is n't the fault of SOX.If people are building personal fiefdom 's within corporations , they 'll do so with or without some legislation to use as an excuse .</tokentext>
<sentencetext>SOX was meant to prevent another ENRON, but those things will happen regardless of rules - look at the collapse of organizations like FannieMae, well after SOX was in place.Huh?
Do you even have a clue what caused the collapse of Enron vs. what caused the collapse of Fannie Mae?To use the mandatory car analogy, your argument is something like:I put winter tires on my car, but then I was t-boned at an intersection when I ran a red light.
See, winter tires don't help prevent accidents!The two scenarios were completely different.
Most of what SOX requires for IT should fall under good IT practice anyways.
It basically requires controls to be implemented on financial systems in order to prevent fraudulent changes to financial data.Now I realize people at some corporations have used SOX as a big bat to force in their own pet IT projects.
Or as a way of preventing any IT changes that they don't agree with, but that isn't the fault of SOX.If people are building personal fiefdom's within corporations, they'll do so with or without some legislation to use as an excuse.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289128</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>Archangel Michael</author>
	<datestamp>1259663160000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>You can usually make the case for MOST government regulations of businesses. Laws aren't for the lawful, but for the unlawful. Wherever the line is drawn, there will always be people who skirt around at that edge.</p><p>If laws and regulations move too far away from the edge, the laws themselves become the end of, not the means of, compliance. Everyone becomes a lawbreaker, and there is no room for discretion.</p><p>You can see this in all the zero tolerance laws in place. Zero tolerance laws do not stop anything, and just make more people criminals, like little boys coming to kindergarten with a camping fork, knife, spoon gadget getting expelled because he brought a knife to school. Zero Tolerance! No excuses! He Broke the LAW!!!!</p><p>I've written on this before. I call it the "There ought to be a law" syndrome. Everytime someone says "there ought to be a law", someone needs to ask a simple question "WHY?". WHY is it that the existing laws aren't applicable? How will this new law break the necessary shades of gray around the edges? Asshats live there, we all agree. Changing this isn't going to change the asshats.</p><p>Sometimes the only thing that will change the asshats is a good old fashion asswhooping.</p></htmltext>
<tokenext>You can usually make the case for MOST government regulations of businesses .
Laws are n't for the lawful , but for the unlawful .
Wherever the line is drawn , there will always be people who skirt around at that edge.If laws and regulations move too far away from the edge , the laws themselves become the end of , not the means of , compliance .
Everyone becomes a lawbreaker , and there is no room for discretion.You can see this in all the zero tolerance laws in place .
Zero tolerance laws do not stop anything , and just make more people criminals , like little boys coming to kindergarten with a camping fork , knife , spoon gadget getting expelled because he brought a knife to school .
Zero Tolerance !
No excuses !
He Broke the LAW ! ! !
! I 've written on this before .
I call it the " There ought to be a law " syndrome .
Everytime someone says " there ought to be a law " , someone needs to ask a simple question " WHY ? " .
WHY is it that the existing laws are n't applicable ?
How will this new law break the necessary shades of gray around the edges ?
Asshats live there , we all agree .
Changing this is n't going to change the asshats.Sometimes the only thing that will change the asshats is a good old fashion asswhooping .</tokentext>
<sentencetext>You can usually make the case for MOST government regulations of businesses.
Laws aren't for the lawful, but for the unlawful.
Wherever the line is drawn, there will always be people who skirt around at that edge.If laws and regulations move too far away from the edge, the laws themselves become the end of, not the means of, compliance.
Everyone becomes a lawbreaker, and there is no room for discretion.You can see this in all the zero tolerance laws in place.
Zero tolerance laws do not stop anything, and just make more people criminals, like little boys coming to kindergarten with a camping fork, knife, spoon gadget getting expelled because he brought a knife to school.
Zero Tolerance!
No excuses!
He Broke the LAW!!!
!I've written on this before.
I call it the "There ought to be a law" syndrome.
Everytime someone says "there ought to be a law", someone needs to ask a simple question "WHY?".
WHY is it that the existing laws aren't applicable?
How will this new law break the necessary shades of gray around the edges?
Asshats live there, we all agree.
Changing this isn't going to change the asshats.Sometimes the only thing that will change the asshats is a good old fashion asswhooping.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290528</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>Nausea</author>
	<datestamp>1259669400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>AMEN!  To rub salt in the wounds, SOX implementation in an existing company doing an IPO is, to say the least, horrifically *painful*!  Nevermind all the 'wasted' money and time on compliance audits.  "Oh, you have put in a ticket to make that little change" results in a ticket that several others have to touch/test/verify - thus even menial changes to systems can potentially rot for weeks.  While I'm not saying it isn't good to have a paper trail / change log and verification of work, SOX adds a whole new level of idiocy to what would otherwise be 10 minutes of actual work.  I can see some parts of it remaining viable, such as accounting practices - but most of the IT portions need to be trashed.

One of my big beefs with SOX compliance is that it doesn't really mean better \_anything\_ to the company (though it *might* bring about a handful of better practices here &amp; there). Instead, it saddles most of the staff with a bunch of inefficient 'busywork' - and in many cases extra software and other crap the company never really needed in the 1st place - all for the mere illusion of a better business 'machine' (one that honestly worked great before SOX came along).

I'd love to see some real examples of how SOX has actually \_improved\_ companies that are forced to implement it...</htmltext>
<tokenext>AMEN !
To rub salt in the wounds , SOX implementation in an existing company doing an IPO is , to say the least , horrifically * painful * !
Nevermind all the 'wasted ' money and time on compliance audits .
" Oh , you have put in a ticket to make that little change " results in a ticket that several others have to touch/test/verify - thus even menial changes to systems can potentially rot for weeks .
While I 'm not saying it is n't good to have a paper trail / change log and verification of work , SOX adds a whole new level of idiocy to what would otherwise be 10 minutes of actual work .
I can see some parts of it remaining viable , such as accounting practices - but most of the IT portions need to be trashed .
One of my big beefs with SOX compliance is that it does n't really mean better \ _anything \ _ to the company ( though it * might * bring about a handful of better practices here &amp; there ) .
Instead , it saddles most of the staff with a bunch of inefficient 'busywork ' - and in many cases extra software and other crap the company never really needed in the 1st place - all for the mere illusion of a better business 'machine ' ( one that honestly worked great before SOX came along ) .
I 'd love to see some real examples of how SOX has actually \ _improved \ _ companies that are forced to implement it.. .</tokentext>
<sentencetext>AMEN!
To rub salt in the wounds, SOX implementation in an existing company doing an IPO is, to say the least, horrifically *painful*!
Nevermind all the 'wasted' money and time on compliance audits.
"Oh, you have put in a ticket to make that little change" results in a ticket that several others have to touch/test/verify - thus even menial changes to systems can potentially rot for weeks.
While I'm not saying it isn't good to have a paper trail / change log and verification of work, SOX adds a whole new level of idiocy to what would otherwise be 10 minutes of actual work.
I can see some parts of it remaining viable, such as accounting practices - but most of the IT portions need to be trashed.
One of my big beefs with SOX compliance is that it doesn't really mean better \_anything\_ to the company (though it *might* bring about a handful of better practices here &amp; there).
Instead, it saddles most of the staff with a bunch of inefficient 'busywork' - and in many cases extra software and other crap the company never really needed in the 1st place - all for the mere illusion of a better business 'machine' (one that honestly worked great before SOX came along).
I'd love to see some real examples of how SOX has actually \_improved\_ companies that are forced to implement it...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290540</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>aynoknman</author>
	<datestamp>1259669460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>The fact is that SOX was doomed to fail because you can&rsquo;t impose rigorous rules on US companies if foreign companies don&rsquo;t have to follow the same rules &ndash; it is a Global world out there and adding huge overhead to your domestic companies just mean more outsourcing and more domestic bankruptcies as they can&rsquo;t compete with slimmer/trimmer overseas companies.</p></div><p>This is also known as 'race to the bottom.' It happens with corporate governance as well as taxes and wages.</p></div>
	</htmltext>
<tokenext>The fact is that SOX was doomed to fail because you can    t impose rigorous rules on US companies if foreign companies don    t have to follow the same rules    it is a Global world out there and adding huge overhead to your domestic companies just mean more outsourcing and more domestic bankruptcies as they can    t compete with slimmer/trimmer overseas companies.This is also known as 'race to the bottom .
' It happens with corporate governance as well as taxes and wages .</tokentext>
<sentencetext>The fact is that SOX was doomed to fail because you can’t impose rigorous rules on US companies if foreign companies don’t have to follow the same rules – it is a Global world out there and adding huge overhead to your domestic companies just mean more outsourcing and more domestic bankruptcies as they can’t compete with slimmer/trimmer overseas companies.This is also known as 'race to the bottom.
' It happens with corporate governance as well as taxes and wages.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289832</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288932</id>
	<title>Silver Lining.</title>
	<author>FatSean</author>
	<datestamp>1259662200000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>I inherited a bunch of apps that had atrocious logging practices.  They were inter-twined and when a problem arose, it was very difficult to PD.  Management didn't care to spend money adding some log statements, it was good enough.  SOX forced us to place logging statements at system boundries.  This wasn't a complete logging overhaul but it really did help with future PD.</p></htmltext>
<tokenext>I inherited a bunch of apps that had atrocious logging practices .
They were inter-twined and when a problem arose , it was very difficult to PD .
Management did n't care to spend money adding some log statements , it was good enough .
SOX forced us to place logging statements at system boundries .
This was n't a complete logging overhaul but it really did help with future PD .</tokentext>
<sentencetext>I inherited a bunch of apps that had atrocious logging practices.
They were inter-twined and when a problem arose, it was very difficult to PD.
Management didn't care to spend money adding some log statements, it was good enough.
SOX forced us to place logging statements at system boundries.
This wasn't a complete logging overhaul but it really did help with future PD.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289162</id>
	<title>sox isn't all about IT.</title>
	<author>Anonymous</author>
	<datestamp>1259663340000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>SOX compliance itself has more to do with accounting practices than it does with IT. IT related affairs only come into play when it goes hand in hand with the accounting/financial requirements. If you are relying entirely on SOX compliance laws and regulations to fulfill IT requirements and security standards, you are ill-prepared for IT compliance. <br> <br>
For example... per SOX, business documents and financial reports must be kept for 7 years. If you're documents and records just happen to be in digital format, then your are mandated to to have digital backup retention for 7 years...otherwise sox has nothing to do with your computers. SOX doesn't have enough meat on IT specific matters to be used as your sole baseline for IT requirements.
<br> <br>

I don't think SOX needs to be rewritten or abandoned...we just need a different solution to solve the IT problems.</htmltext>
<tokenext>SOX compliance itself has more to do with accounting practices than it does with IT .
IT related affairs only come into play when it goes hand in hand with the accounting/financial requirements .
If you are relying entirely on SOX compliance laws and regulations to fulfill IT requirements and security standards , you are ill-prepared for IT compliance .
For example... per SOX , business documents and financial reports must be kept for 7 years .
If you 're documents and records just happen to be in digital format , then your are mandated to to have digital backup retention for 7 years...otherwise sox has nothing to do with your computers .
SOX does n't have enough meat on IT specific matters to be used as your sole baseline for IT requirements .
I do n't think SOX needs to be rewritten or abandoned...we just need a different solution to solve the IT problems .</tokentext>
<sentencetext>SOX compliance itself has more to do with accounting practices than it does with IT.
IT related affairs only come into play when it goes hand in hand with the accounting/financial requirements.
If you are relying entirely on SOX compliance laws and regulations to fulfill IT requirements and security standards, you are ill-prepared for IT compliance.
For example... per SOX, business documents and financial reports must be kept for 7 years.
If you're documents and records just happen to be in digital format, then your are mandated to to have digital backup retention for 7 years...otherwise sox has nothing to do with your computers.
SOX doesn't have enough meat on IT specific matters to be used as your sole baseline for IT requirements.
I don't think SOX needs to be rewritten or abandoned...we just need a different solution to solve the IT problems.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290272</id>
	<title>Re:SarBox is always the excuse</title>
	<author>IrquiM</author>
	<datestamp>1259668080000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>How about rewriting the structure of the management as they clearly do not understand what 404 is all about?</p><p>404 doesn't tell you to do anything. It only ask you to show that you have internal controls and that they are deemed sufficient for a company of the type/size you're working for, and that you actually is following your controls. The auditors only task (related to 404) is to check that you do what you are saying and make a judgment on their observations.</p></htmltext>
<tokenext>How about rewriting the structure of the management as they clearly do not understand what 404 is all about ? 404 does n't tell you to do anything .
It only ask you to show that you have internal controls and that they are deemed sufficient for a company of the type/size you 're working for , and that you actually is following your controls .
The auditors only task ( related to 404 ) is to check that you do what you are saying and make a judgment on their observations .</tokentext>
<sentencetext>How about rewriting the structure of the management as they clearly do not understand what 404 is all about?404 doesn't tell you to do anything.
It only ask you to show that you have internal controls and that they are deemed sufficient for a company of the type/size you're working for, and that you actually is following your controls.
The auditors only task (related to 404) is to check that you do what you are saying and make a judgment on their observations.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288634</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288958</id>
	<title>Can the Supreme Court efficiently rule here?</title>
	<author>Tanks*Guns</author>
	<datestamp>1259662260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>From TFA "<i>Now, here&rsquo;s where things get interesting. Beckstead decided to sue PCOAB not over the deficiencies found, but rather the oversight board&rsquo;s very right to existence.</i>"
<br>
As a disclaimer I have to say I have worked for Financials IT for quite a while and SOX was quite literally the bane of our existence for over 3 years. Whether SOX is a true measure of compliance is still an open question on my mind<nobr> <wbr></nobr>...
<br>
The implication here is that if the Justices do rule in favor of Beckstead, what does that say about other government organizations that "audit" citizen's affairs?
<br>
In other words, you are told that all your servers must be 1U, you know this for a long time and make an effort to make sure every server is 1U, you go as far as dedicating an entire year in ensuring that servers must be 1U, then you get audited and they happen to find that 4U box your support guys used to launch all that crap that no other box was capable of handling, simultaneously, so you fail that portion of the audit.
<br>
You just SUE the people who enforce these efforts in the hopes that the very laws you knew about and made a concise effort to abide to get disregarded or amended in the course of a hearing? that's it?</htmltext>
<tokenext>From TFA " Now , here    s where things get interesting .
Beckstead decided to sue PCOAB not over the deficiencies found , but rather the oversight board    s very right to existence .
" As a disclaimer I have to say I have worked for Financials IT for quite a while and SOX was quite literally the bane of our existence for over 3 years .
Whether SOX is a true measure of compliance is still an open question on my mind .. . The implication here is that if the Justices do rule in favor of Beckstead , what does that say about other government organizations that " audit " citizen 's affairs ?
In other words , you are told that all your servers must be 1U , you know this for a long time and make an effort to make sure every server is 1U , you go as far as dedicating an entire year in ensuring that servers must be 1U , then you get audited and they happen to find that 4U box your support guys used to launch all that crap that no other box was capable of handling , simultaneously , so you fail that portion of the audit .
You just SUE the people who enforce these efforts in the hopes that the very laws you knew about and made a concise effort to abide to get disregarded or amended in the course of a hearing ?
that 's it ?</tokentext>
<sentencetext>From TFA "Now, here’s where things get interesting.
Beckstead decided to sue PCOAB not over the deficiencies found, but rather the oversight board’s very right to existence.
"

As a disclaimer I have to say I have worked for Financials IT for quite a while and SOX was quite literally the bane of our existence for over 3 years.
Whether SOX is a true measure of compliance is still an open question on my mind ...

The implication here is that if the Justices do rule in favor of Beckstead, what does that say about other government organizations that "audit" citizen's affairs?
In other words, you are told that all your servers must be 1U, you know this for a long time and make an effort to make sure every server is 1U, you go as far as dedicating an entire year in ensuring that servers must be 1U, then you get audited and they happen to find that 4U box your support guys used to launch all that crap that no other box was capable of handling, simultaneously, so you fail that portion of the audit.
You just SUE the people who enforce these efforts in the hopes that the very laws you knew about and made a concise effort to abide to get disregarded or amended in the course of a hearing?
that's it?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290052</id>
	<title>SOX SUX</title>
	<author>Anonymous</author>
	<datestamp>1259667000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I agree with the article:  it is something that auditing firms are using to scare the bejeesus out of everyone at the C-level.</p><p>It slows companies down in myriad ways.  Without preventing another Enron.  Evil people will do what evil people do, and SOX aint gonna stop them.</p><p>One other way it is abused: internal IT stonewalling.  Now our IT group has an easy deflection for any new project:  SOX.  it's like a bell rings when the say it, straight out of groucho marx.  I've given up even trying to fight.  When they play the SOX card, I just leave the room.  There's no winning the argument.</p></htmltext>
<tokenext>I agree with the article : it is something that auditing firms are using to scare the bejeesus out of everyone at the C-level.It slows companies down in myriad ways .
Without preventing another Enron .
Evil people will do what evil people do , and SOX aint gon na stop them.One other way it is abused : internal IT stonewalling .
Now our IT group has an easy deflection for any new project : SOX .
it 's like a bell rings when the say it , straight out of groucho marx .
I 've given up even trying to fight .
When they play the SOX card , I just leave the room .
There 's no winning the argument .</tokentext>
<sentencetext>I agree with the article:  it is something that auditing firms are using to scare the bejeesus out of everyone at the C-level.It slows companies down in myriad ways.
Without preventing another Enron.
Evil people will do what evil people do, and SOX aint gonna stop them.One other way it is abused: internal IT stonewalling.
Now our IT group has an easy deflection for any new project:  SOX.
it's like a bell rings when the say it, straight out of groucho marx.
I've given up even trying to fight.
When they play the SOX card, I just leave the room.
There's no winning the argument.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289312</id>
	<title>Re:SarBox?</title>
	<author>pentalive</author>
	<datestamp>1259664060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The box SARS <a href="http://en.wikipedia.org/wiki/Severe\_acute\_respiratory\_syndromecame" title="wikipedia.org">http://en.wikipedia.org/wiki/Severe\_acute\_respiratory\_syndromecame</a> [wikipedia.org] in?</htmltext>
<tokenext>The box SARS http : //en.wikipedia.org/wiki/Severe \ _acute \ _respiratory \ _syndromecame [ wikipedia.org ] in ?</tokentext>
<sentencetext>The box SARS http://en.wikipedia.org/wiki/Severe\_acute\_respiratory\_syndromecame [wikipedia.org] in?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288772</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288772</id>
	<title>SarBox?</title>
	<author>omnichad</author>
	<datestamp>1259661540000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>I've seen SOX, but never SarBox.  If you're going to CamelCase, do it right: SarbOx.</p></htmltext>
<tokenext>I 've seen SOX , but never SarBox .
If you 're going to CamelCase , do it right : SarbOx .</tokentext>
<sentencetext>I've seen SOX, but never SarBox.
If you're going to CamelCase, do it right: SarbOx.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30293306</id>
	<title>Re:sox isn't all about IT.</title>
	<author>Bigjeff5</author>
	<datestamp>1259687220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Have you ever heard of Management of Change or Separation of Duties?</p><p>Both of those are a direct result of SOX that have a massive impact on everything IT does.  SOX affects backup policies, email policies, network policies, even instant messaging policies!</p><p>I recall telecom wanting to upgrade a 100mb line to a 1000mb line, they finished all the work, everything was good to go, it's an easy change, so when they were ready the sent in the MoC request necessary to unplug the network cable from the 100mb port and plug it in to the 1000mb port.  It came back a few days later that something on the form wasn't filled out quite right, ok no big deal, it's a complicated form for a stupid simple change, it can be hard to fill in all the blanks for that type of thing.  So they fixed it and sent it back.  Well, they didn't believe it, or something, and wanted a bigger impact study done on it.  I mean, for Christ's sake it's a frickin port swap! NOBODY is going to lose connectivity during the swap, you'll know in 10 seconds if it didn't work, and fixing it is as easy as plugging it back into the old port.  There is no impact at all.  In all it took about a month and 20-30 man-hours to unplug a network cable and plug it in to another port.</p><p>What does that have to do with SOX? Well, the only reason telecom has to go through that bullshit is because there are a helluva lot of accountants in the building, working with sensitive financial material, and even though there is no way such a change will ever affect them or the integrity of that financial data, it must all still comply with SOX.</p><p>This kind of crap costs IT departments buttloads of money, I mean, that was at least $1200 just to plug a network cable into a new port, it's 99\% of the cost of the entire job.  This crap happens on a regular basis, hugely inflating the cost of projects.</p><p>Separation of Duties makes some sense in some situations, but half the time it must be applied in an area that makes absolutely no sense, and that is determined entirely by these independant audit boards that have no oversight.</p></htmltext>
<tokenext>Have you ever heard of Management of Change or Separation of Duties ? Both of those are a direct result of SOX that have a massive impact on everything IT does .
SOX affects backup policies , email policies , network policies , even instant messaging policies ! I recall telecom wanting to upgrade a 100mb line to a 1000mb line , they finished all the work , everything was good to go , it 's an easy change , so when they were ready the sent in the MoC request necessary to unplug the network cable from the 100mb port and plug it in to the 1000mb port .
It came back a few days later that something on the form was n't filled out quite right , ok no big deal , it 's a complicated form for a stupid simple change , it can be hard to fill in all the blanks for that type of thing .
So they fixed it and sent it back .
Well , they did n't believe it , or something , and wanted a bigger impact study done on it .
I mean , for Christ 's sake it 's a frickin port swap !
NOBODY is going to lose connectivity during the swap , you 'll know in 10 seconds if it did n't work , and fixing it is as easy as plugging it back into the old port .
There is no impact at all .
In all it took about a month and 20-30 man-hours to unplug a network cable and plug it in to another port.What does that have to do with SOX ?
Well , the only reason telecom has to go through that bullshit is because there are a helluva lot of accountants in the building , working with sensitive financial material , and even though there is no way such a change will ever affect them or the integrity of that financial data , it must all still comply with SOX.This kind of crap costs IT departments buttloads of money , I mean , that was at least $ 1200 just to plug a network cable into a new port , it 's 99 \ % of the cost of the entire job .
This crap happens on a regular basis , hugely inflating the cost of projects.Separation of Duties makes some sense in some situations , but half the time it must be applied in an area that makes absolutely no sense , and that is determined entirely by these independant audit boards that have no oversight .</tokentext>
<sentencetext>Have you ever heard of Management of Change or Separation of Duties?Both of those are a direct result of SOX that have a massive impact on everything IT does.
SOX affects backup policies, email policies, network policies, even instant messaging policies!I recall telecom wanting to upgrade a 100mb line to a 1000mb line, they finished all the work, everything was good to go, it's an easy change, so when they were ready the sent in the MoC request necessary to unplug the network cable from the 100mb port and plug it in to the 1000mb port.
It came back a few days later that something on the form wasn't filled out quite right, ok no big deal, it's a complicated form for a stupid simple change, it can be hard to fill in all the blanks for that type of thing.
So they fixed it and sent it back.
Well, they didn't believe it, or something, and wanted a bigger impact study done on it.
I mean, for Christ's sake it's a frickin port swap!
NOBODY is going to lose connectivity during the swap, you'll know in 10 seconds if it didn't work, and fixing it is as easy as plugging it back into the old port.
There is no impact at all.
In all it took about a month and 20-30 man-hours to unplug a network cable and plug it in to another port.What does that have to do with SOX?
Well, the only reason telecom has to go through that bullshit is because there are a helluva lot of accountants in the building, working with sensitive financial material, and even though there is no way such a change will ever affect them or the integrity of that financial data, it must all still comply with SOX.This kind of crap costs IT departments buttloads of money, I mean, that was at least $1200 just to plug a network cable into a new port, it's 99\% of the cost of the entire job.
This crap happens on a regular basis, hugely inflating the cost of projects.Separation of Duties makes some sense in some situations, but half the time it must be applied in an area that makes absolutely no sense, and that is determined entirely by these independant audit boards that have no oversight.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289162</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289812</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>illumin8</author>
	<datestamp>1259666160000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><blockquote><div><p>I have worked for large companies in the past, and SOX is seriously undermining the ability to make changes, or indeed for rational process to take place in the daily operation of IT.</p></div></blockquote><p>Yeah, but you need to look at the bright side of SOX for us (educated security geeks).  When someone wants to do something really dumb like put a web app into production with no logging and no security, you can just tell them to fuck off, because of SOX.  Also, if you're a security consultant with half a brain and know how to setup auditing on *nix related systems you can make a lot of money consulting.</p><p>SOX is worth it just for being able to tell a stupid developer that he can't do something that puts the security of my systems in jeopardy.</p></div>
	</htmltext>
<tokenext>I have worked for large companies in the past , and SOX is seriously undermining the ability to make changes , or indeed for rational process to take place in the daily operation of IT.Yeah , but you need to look at the bright side of SOX for us ( educated security geeks ) .
When someone wants to do something really dumb like put a web app into production with no logging and no security , you can just tell them to fuck off , because of SOX .
Also , if you 're a security consultant with half a brain and know how to setup auditing on * nix related systems you can make a lot of money consulting.SOX is worth it just for being able to tell a stupid developer that he ca n't do something that puts the security of my systems in jeopardy .</tokentext>
<sentencetext>I have worked for large companies in the past, and SOX is seriously undermining the ability to make changes, or indeed for rational process to take place in the daily operation of IT.Yeah, but you need to look at the bright side of SOX for us (educated security geeks).
When someone wants to do something really dumb like put a web app into production with no logging and no security, you can just tell them to fuck off, because of SOX.
Also, if you're a security consultant with half a brain and know how to setup auditing on *nix related systems you can make a lot of money consulting.SOX is worth it just for being able to tell a stupid developer that he can't do something that puts the security of my systems in jeopardy.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289494</id>
	<title>Re:Can the Supreme Court efficiently rule here?</title>
	<author>Anonymous</author>
	<datestamp>1259664780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>The implication here is that if the Justices do rule in favor of Beckstead, what does that say about other government organizations that "audit" citizen's affairs?</p></div><p>If you had read the full article you might also have noticed that the crux of the argument is that the PCOAB is set up as an independent organization independent of the executive or legislative branches. So, if the ruling goes for Beckstead nothing happens to most other "auditing" agencies. I can't think of any off the top of my head that have been granted some manner of legal authority and are not subject to some manner of appointment process by congress or the executive branch (although some of them arguably might be better off if they were).</p></div>
	</htmltext>
<tokenext>The implication here is that if the Justices do rule in favor of Beckstead , what does that say about other government organizations that " audit " citizen 's affairs ? If you had read the full article you might also have noticed that the crux of the argument is that the PCOAB is set up as an independent organization independent of the executive or legislative branches .
So , if the ruling goes for Beckstead nothing happens to most other " auditing " agencies .
I ca n't think of any off the top of my head that have been granted some manner of legal authority and are not subject to some manner of appointment process by congress or the executive branch ( although some of them arguably might be better off if they were ) .</tokentext>
<sentencetext>The implication here is that if the Justices do rule in favor of Beckstead, what does that say about other government organizations that "audit" citizen's affairs?If you had read the full article you might also have noticed that the crux of the argument is that the PCOAB is set up as an independent organization independent of the executive or legislative branches.
So, if the ruling goes for Beckstead nothing happens to most other "auditing" agencies.
I can't think of any off the top of my head that have been granted some manner of legal authority and are not subject to some manner of appointment process by congress or the executive branch (although some of them arguably might be better off if they were).
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288958</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290392</id>
	<title>It's about time.</title>
	<author>rickb928</author>
	<datestamp>1259668620000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>We need a good <a href="http://www.usconstitution.net/const.html#A1Sec10" title="usconstitution.net">Article 10</a> [usconstitution.net] fight.  Now.</p><p>Washington is out of control, and has been for a while.  As good a time as any to make a stand.</p></htmltext>
<tokenext>We need a good Article 10 [ usconstitution.net ] fight .
Now.Washington is out of control , and has been for a while .
As good a time as any to make a stand .</tokentext>
<sentencetext>We need a good Article 10 [usconstitution.net] fight.
Now.Washington is out of control, and has been for a while.
As good a time as any to make a stand.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288650</id>
	<title>Strange</title>
	<author>PiAndWhippedCream</author>
	<datestamp>1259661060000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>0</modscore>
	<htmltext>I was never able to find that section, kept returning a "not found" error or something.</htmltext>
<tokenext>I was never able to find that section , kept returning a " not found " error or something .</tokentext>
<sentencetext>I was never able to find that section, kept returning a "not found" error or something.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288664</id>
	<title>Rule #1 of government....</title>
	<author>croftj</author>
	<datestamp>1259661060000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>The primary purpose of  every law passed has the creating 1 or more jobs, whether they are productive jobs or not.</p></htmltext>
<tokenext>The primary purpose of every law passed has the creating 1 or more jobs , whether they are productive jobs or not .</tokentext>
<sentencetext>The primary purpose of  every law passed has the creating 1 or more jobs, whether they are productive jobs or not.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30291670</id>
	<title>Re:not found</title>
	<author>sexconker</author>
	<datestamp>1259675040000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>I came to see the 404 jokes.<br>I was not disappointed.</p></htmltext>
<tokenext>I came to see the 404 jokes.I was not disappointed .</tokentext>
<sentencetext>I came to see the 404 jokes.I was not disappointed.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288564</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288592</id>
	<title>Budgest re-adjustment...</title>
	<author>bluesatin</author>
	<datestamp>1259660880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Well at least now they'll spend all that money on making sure things are actually secure!</p></htmltext>
<tokenext>Well at least now they 'll spend all that money on making sure things are actually secure !</tokentext>
<sentencetext>Well at least now they'll spend all that money on making sure things are actually secure!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30296814</id>
	<title>Getting rid of SarBox won't help with that problem</title>
	<author>Anonymous</author>
	<datestamp>1259593980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The IT department will simply come up with another excuse.  The preventers of information services are quite adaptable.  When you ask for something that the blessed vendors are good at (or requires actual work), the response is the excuse-du-jour.   SarBox is popular, but there are many others.</p></htmltext>
<tokenext>The IT department will simply come up with another excuse .
The preventers of information services are quite adaptable .
When you ask for something that the blessed vendors are good at ( or requires actual work ) , the response is the excuse-du-jour .
SarBox is popular , but there are many others .</tokentext>
<sentencetext>The IT department will simply come up with another excuse.
The preventers of information services are quite adaptable.
When you ask for something that the blessed vendors are good at (or requires actual work), the response is the excuse-du-jour.
SarBox is popular, but there are many others.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288634</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289936</id>
	<title>SOX and IT is Poorly Understood</title>
	<author>Anonymous</author>
	<datestamp>1259666520000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>I am a SOX IT auditor, so here are a few thoughts.  Yes, I'm posting as an Anonymous Coward because I don't want my name tied to this in case someone from my firm sees this.</p><p>1.  SOX is not about information security and security events.  It's about determining if sufficient controls are present to prevent or detect material misstatement in the financial statements.  For example, you have crappy network security.  A hacker breaks in and steals customer information.  While very damaging, there is no impact on the financial statements from a reporting standpoint (assuming that your accounting department properly books the entries for any fines and penalties - and this is assuming the hacker only copied data and didn't submit anything falsely).  If a hacker did submit something falsely, the auditors would fall back on manual review controls, in the business processes (e.g., reconciliations) to try to identify anything major.</p><p>2.  If your IT auditor's told you that to be SOX compliant you had to log everything, then you were told incorrectly.  We only want to look at logs when we find major problems elsewhere, and we are only wanting to look at the logs to try to determine the level of risk associated with the issues we have identified.  Logging of failed login attempts is useless, for SOX, since the account wasn't used (hence FAILED login attempts).  Obviously, many of these things are good to look at for overall security, but they have no impact for SOX.</p><p>3.  Here are the basics for IT SOX compliance:<br>
&nbsp; &nbsp; a.  Basic segregation of duties.  The major problem here is that many companies let their developers have full access to production environments or let end users be system administrators.<br>
&nbsp; &nbsp; b.  Have a decent change management process.  Again, don't let your developers have update access to the production environments.  Make sure you keep documentation showing that changes are tested and approved.  This doesn't have to be anything fancy.<br>
&nbsp; &nbsp; c.  Have a decent process to document new system implementations and major system upgrades.  I can't begin to tell you how many times I've had clients implement new systems and give everyone full access just because it was easier or didn't check to see that they converted their data from the legacy application to the new application completely and accurately.<br>
&nbsp; &nbsp; d.  Have a process to follow-up on production processing errors / major events.  If you have tons of job / batch processing abends and can't show that they were resolved in a timely manner, we can't be sure that transactions didn't get dropped.</p><p>Obviously, SOX can be very complex, especially if you have a very complex environment.  However, if you actually read Section 404, there is nothing there that calls out specifics (i.e., like the specifics listed to be PCI compliant).  It should be all about risk management.</p></htmltext>
<tokenext>I am a SOX IT auditor , so here are a few thoughts .
Yes , I 'm posting as an Anonymous Coward because I do n't want my name tied to this in case someone from my firm sees this.1 .
SOX is not about information security and security events .
It 's about determining if sufficient controls are present to prevent or detect material misstatement in the financial statements .
For example , you have crappy network security .
A hacker breaks in and steals customer information .
While very damaging , there is no impact on the financial statements from a reporting standpoint ( assuming that your accounting department properly books the entries for any fines and penalties - and this is assuming the hacker only copied data and did n't submit anything falsely ) .
If a hacker did submit something falsely , the auditors would fall back on manual review controls , in the business processes ( e.g. , reconciliations ) to try to identify anything major.2 .
If your IT auditor 's told you that to be SOX compliant you had to log everything , then you were told incorrectly .
We only want to look at logs when we find major problems elsewhere , and we are only wanting to look at the logs to try to determine the level of risk associated with the issues we have identified .
Logging of failed login attempts is useless , for SOX , since the account was n't used ( hence FAILED login attempts ) .
Obviously , many of these things are good to look at for overall security , but they have no impact for SOX.3 .
Here are the basics for IT SOX compliance :     a. Basic segregation of duties .
The major problem here is that many companies let their developers have full access to production environments or let end users be system administrators .
    b. Have a decent change management process .
Again , do n't let your developers have update access to the production environments .
Make sure you keep documentation showing that changes are tested and approved .
This does n't have to be anything fancy .
    c. Have a decent process to document new system implementations and major system upgrades .
I ca n't begin to tell you how many times I 've had clients implement new systems and give everyone full access just because it was easier or did n't check to see that they converted their data from the legacy application to the new application completely and accurately .
    d. Have a process to follow-up on production processing errors / major events .
If you have tons of job / batch processing abends and ca n't show that they were resolved in a timely manner , we ca n't be sure that transactions did n't get dropped.Obviously , SOX can be very complex , especially if you have a very complex environment .
However , if you actually read Section 404 , there is nothing there that calls out specifics ( i.e. , like the specifics listed to be PCI compliant ) .
It should be all about risk management .</tokentext>
<sentencetext>I am a SOX IT auditor, so here are a few thoughts.
Yes, I'm posting as an Anonymous Coward because I don't want my name tied to this in case someone from my firm sees this.1.
SOX is not about information security and security events.
It's about determining if sufficient controls are present to prevent or detect material misstatement in the financial statements.
For example, you have crappy network security.
A hacker breaks in and steals customer information.
While very damaging, there is no impact on the financial statements from a reporting standpoint (assuming that your accounting department properly books the entries for any fines and penalties - and this is assuming the hacker only copied data and didn't submit anything falsely).
If a hacker did submit something falsely, the auditors would fall back on manual review controls, in the business processes (e.g., reconciliations) to try to identify anything major.2.
If your IT auditor's told you that to be SOX compliant you had to log everything, then you were told incorrectly.
We only want to look at logs when we find major problems elsewhere, and we are only wanting to look at the logs to try to determine the level of risk associated with the issues we have identified.
Logging of failed login attempts is useless, for SOX, since the account wasn't used (hence FAILED login attempts).
Obviously, many of these things are good to look at for overall security, but they have no impact for SOX.3.
Here are the basics for IT SOX compliance:
    a.  Basic segregation of duties.
The major problem here is that many companies let their developers have full access to production environments or let end users be system administrators.
    b.  Have a decent change management process.
Again, don't let your developers have update access to the production environments.
Make sure you keep documentation showing that changes are tested and approved.
This doesn't have to be anything fancy.
    c.  Have a decent process to document new system implementations and major system upgrades.
I can't begin to tell you how many times I've had clients implement new systems and give everyone full access just because it was easier or didn't check to see that they converted their data from the legacy application to the new application completely and accurately.
    d.  Have a process to follow-up on production processing errors / major events.
If you have tons of job / batch processing abends and can't show that they were resolved in a timely manner, we can't be sure that transactions didn't get dropped.Obviously, SOX can be very complex, especially if you have a very complex environment.
However, if you actually read Section 404, there is nothing there that calls out specifics (i.e., like the specifics listed to be PCI compliant).
It should be all about risk management.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30292558</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>Anonymous</author>
	<datestamp>1259680500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>10+ signatures just means that 9 more people are required to approve the stuff that Enron got up to. For example the Risk group could cancel a programme but a senior executive could override this.</p></htmltext>
<tokenext>10 + signatures just means that 9 more people are required to approve the stuff that Enron got up to .
For example the Risk group could cancel a programme but a senior executive could override this .</tokentext>
<sentencetext>10+ signatures just means that 9 more people are required to approve the stuff that Enron got up to.
For example the Risk group could cancel a programme but a senior executive could override this.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289832</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289376</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>BlueBoxSW.com</author>
	<datestamp>1259664360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Also look at HealthSouth, which never would have been found out if it weren't for SOX.</p><p>I think we need to keep it around, but a better breed of companies need to come around to take the pain out of it.</p></htmltext>
<tokenext>Also look at HealthSouth , which never would have been found out if it were n't for SOX.I think we need to keep it around , but a better breed of companies need to come around to take the pain out of it .</tokentext>
<sentencetext>Also look at HealthSouth, which never would have been found out if it weren't for SOX.I think we need to keep it around, but a better breed of companies need to come around to take the pain out of it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290776</id>
	<title>Re:SarBox is always the excuse</title>
	<author>Bigjeff5</author>
	<datestamp>1259670480000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>The sad fact is, it probably WOULD break SarBox compliance, it's frickin retarded.</p><p>Just about everything a company does relates to SarBox either directly or indirectly, so often an IT department will become terrified to make the smallest change to avoid inadvertantly breaking compliance, or making a change while staying compliance will require more money than the change is worth.</p><p>I.e. if you request a change to save $2000 a month in productivity losses, but maintaining the change will cost $4000 a month, it does not make sense to make the change. Period.  SarBox has significantly raised the cost of even minor IT changes that have anything to do with private data (even indirectly).</p></htmltext>
<tokenext>The sad fact is , it probably WOULD break SarBox compliance , it 's frickin retarded.Just about everything a company does relates to SarBox either directly or indirectly , so often an IT department will become terrified to make the smallest change to avoid inadvertantly breaking compliance , or making a change while staying compliance will require more money than the change is worth.I.e .
if you request a change to save $ 2000 a month in productivity losses , but maintaining the change will cost $ 4000 a month , it does not make sense to make the change .
Period. SarBox has significantly raised the cost of even minor IT changes that have anything to do with private data ( even indirectly ) .</tokentext>
<sentencetext>The sad fact is, it probably WOULD break SarBox compliance, it's frickin retarded.Just about everything a company does relates to SarBox either directly or indirectly, so often an IT department will become terrified to make the smallest change to avoid inadvertantly breaking compliance, or making a change while staying compliance will require more money than the change is worth.I.e.
if you request a change to save $2000 a month in productivity losses, but maintaining the change will cost $4000 a month, it does not make sense to make the change.
Period.  SarBox has significantly raised the cost of even minor IT changes that have anything to do with private data (even indirectly).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288634</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30293648</id>
	<title>Re:SOX is choking our companies, kill it.</title>
	<author>Anonymous</author>
	<datestamp>1259690220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Get rid of SOX, but just don't tell the developers<nobr> <wbr></nobr>:)</p></htmltext>
<tokenext>Get rid of SOX , but just do n't tell the developers : )</tokentext>
<sentencetext>Get rid of SOX, but just don't tell the developers :)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289812</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30299590
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288988
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30293306
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289162
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289266
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288772
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290134
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288634
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288984
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288564
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30292376
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288592
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30298016
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288772
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288926
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288664
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288772
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289384
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289376
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30293648
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289812
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290528
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30291670
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288564
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289128
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289180
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288592
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30296814
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288634
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290540
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289832
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289494
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288958
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290272
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288634
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30292194
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289832
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290776
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288634
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288996
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288772
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30292558
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289832
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289604
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288932
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289278
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288664
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290762
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30291066
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289936
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_1957200_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30292904
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288772
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288590
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290392
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289936
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30291066
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289162
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30293306
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288664
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288926
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289278
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288958
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289494
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289476
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288634
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290272
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30296814
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290134
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290776
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288564
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30291670
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288984
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288592
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289180
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30292376
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288880
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289376
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288988
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30299590
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290528
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290762
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289832
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30292558
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30292194
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30290540
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289812
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30293648
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289128
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289384
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288772
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289312
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30292904
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289266
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288996
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30298016
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_1957200.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30288932
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_1957200.30289604
</commentlist>
</conversation>
