SarBox and the World of Tomorrow

SarBox has hundreds of provisions, and I'm not an expert by any means. In fact, you will probably need a lawyer to figure out how it applies to you, and I don't think the industry has really figured out all the implications yet. If you see an error here, please let me know.

Because of all of this corporate malfeasance, congress decided to pass a law that would apply to all publicly traded companies. Of major concern is the "separation of duties" which, if I understand it correctly, means that programmers cannot write code that adjust financial records. Or put another way, programming and administration will have to be performed by different people.

If you're a huge company, this is probably not a big deal. However, for small companies this is going to be a disaster. You can work out some of the implications yourself, here's a good blog on the subject (I don't know this guy or his site, but it looks like a good overview from the developer's standpoint)

As for the larger program management implications, it looks to me like a further incentive to outsource development, as that would clearly indicate the bit-flippers aren't loose in the cookie jar. But that could lead to a lot of other problems in deployment. As we all know, at some point development and deployment are kind of the same thing. Who's fixing your deployment issues and bugs if it is not the developers? There are some serious considerations here, and it may lead to higher "walls" between development and test -- a good thing in theory, but I'm not sure smaller shops can support it.