I currently work in the Oracle development team in the IT division of one of NZ's big banks.  As our multinational parent organisation is listed on the NYSE, we are required to be compliant with the Sarbannes-Oxley Act.  This means the minutiae of our software development lifecycle is regularly scrutinised to see that we meet compliance - we're talking documenting the processes of the SDLC itself and ensuring all our templates have all the correct information.

Somehow, I've ended up with this lemon of responsibility in my team (that's right - pick on the junior!).  This has resulted in spending four weeks getting all our documentation up to scratch and submitting it for remedaition analysis.  Little did I know this would entail answering questions from a guy who not knows nothing about IT, but is also in a different country (how the hell does this work?).

From previous reviews before my time, I know that the team usually ends up with more documents to complete for any piece of development - in this case, it looks like we'll have two different information risk assessment tools.  Because of this, it looks like we're heading down the slippery red-tape slope to the position where our Aussie brethren are... where it takes three weeks to do a piece of work that previously took 2-3 days.

I understand the legal butt-covering but do they want us to actually produce results without blowing project budget on documentation time?  If this cause us this much grief, could this be one of the reasons that large organisations like VF or TC take a dogs age to actually achieve anything?

(and don't get me started on accountants controlling an organisation instead of the actual doers!)

[end of frustrated rant]