I resisted as long as I can. I was invited today to participate with some of my more learned colleagues in the writing a paper the objective of which is 'to define a new set of IT requirements for more effective and efficient design and implementation of “Internal Control”...'
Why on earth should anyone want to define a new set of IT requirements, when I'd venture to guess most IT professionals would confess no lack of requirements, and indeed, would prefer some of the old ones closed?
In this matter software architects are becoming like legislators, or worse, yellow-journalists: If they don't have or don't like the requirements (or laws or news) which reflect a business driver (or policy implementation or news) for their activity, they will now employ their friends to create new and improved ones.
We don't need new requirements, we need to solve the hard problems that we've obscured with new technology. Remember "distributed computing?" It was to be solved with network services then RPC then DCE then CORBA, and now SOA. Remember "access control?" ACL's vs RBAC, MAC vs DAC (ok I'm mixing my metaphors) - let's not solve the problem, lets rename the solution. Access control to Access Management to Identity Management to Federated Identity Management to Identity Enabled Services to ...
Of course who ever made a career by solving old problems. The lesson is, if you don't like the work you're doing, create some new work.
"Meet the New Boss, same as the Old Boss..."