Reminds me of the time I worked for one company and prior to going public, we called in some Sarbanes-Oxley consultants to vet us. After a thorough SOX compliance effort (which was ridiculous - one recommendation was "print out all source code and file it"), I showed up one day and an accountant in the corner had disappeared.
Seems that he had a gambling problem, but was allowed to both cut checks and sign them (fall into the GAAP). He embezzled, IIRC, close to one million dollars and was only found due to the SOX compliance effort.
> After a thorough SOX compliance effort (which was ridiculous - one recommendation was "print out all source code and file it"),
If they found that rogue accountant it wasn't all that ridiculous after all. That one requirement was (probably, I don't know the context) ridiculous but the compliance effort apparently wasn't.
On another note, I have had a customer a while ago that would have been extremely happy if they had had a printed, filed copy of all their source code.
I think they like filing because it's immutable storage. An engineer can't write code to change the filed-away code as easily as they can the on-disk source code.
I don't know much about SOX, but based on how I've seen it implemented at various places it seems to be a law that says "it is illegal to write computer programs, so don't let anyone do it! have a good day and have fun running a business!"
Seems that he had a gambling problem, but was allowed to both cut checks and sign them (fall into the GAAP). He embezzled, IIRC, close to one million dollars and was only found due to the SOX compliance effort.