SOX Rocks


With that agreement in hand, she and her team implemented two things: one, a report that would show what had changed over a set period of time, so they only had to test what had changed; and two, integration of the controls tests as part of the automated test arsenal, including the right set of roles and process combinations in the test suite to be sure the more than seventy controls were executed each time. The test results were reported and saved in an "audit ready" format. What had taken months to do before could now be done in seventy-two hours and by only one person. For a relatively minor incremental effort, this approach saved her company a quarter of a million dollars a year and put big smiles on the business owners' faces.

Think Outside the Traditional Box
Think about it. We all have to scramble to justify investment in testing and automation, often producing laborious ROI analyses. The problem with most of these is that, unless your test coverage is comprehensive to begin with (and whose is?), at best you are going to increase quality without increasing testing costs. Reducing testing costs is hard to argue, since enough likely isn't being spent anyway. But, with this approach, you are displacing actual hard costs and tedious effort.

SOX applies only to public companies, of course, but that doesn't mean smaller or private companies don't care about compliance or have exposure to audit requirements.

The larger lesson is that we need to learn to think outside of the traditional feature/function box and realize that the systems we test may have far-reaching financial and operational consequences to our company or those that use the software we may sell. We can use this new perspective in the ongoing battle to justify additional investment in testing and automation and to get the right kind of attention from senior levels of management.

About the author

Linda Hayes's picture Linda Hayes

Linda G. Hayes is a founder of Worksoft, Inc., developer of next-generation test automation solutions. Linda is a frequent industry speaker and award-winning author on software quality. She has been named as one of Fortune magazine's People to Watch and one of the Top 40 Under 40 by Dallas Business Journal. She is a regular columnist and contributor to and Better Software magazine, as well as a columnist for Computerworld and Datamation, author of the Automated Testing Handbook and co-editor Dare To Be Excellent with Alka Jarvis on best practices in the software industry. You can contact Linda at

AgileConnection is one of the growing communities of the TechWell network.

Featuring fresh, insightful stories, is the place to go for what is happening in software development and delivery.  Join the conversation now!