Posted: Mon Jun 11, 2012 11:35 am Post subject: SOX Sampling Methodology
All, I need your help.
I have a couple of general questions on Compliance and SOX testing. Please, I need your expert opinion on sampling.
Question: If you have a tool that can run reports showing you records that are not in compliance, for example, let's say you are conducting change management testing, and you can run a report that can show you change records that were implemented before approval, would you rather use the tool to test 100% of the population or would you pick samples for testing? The testing methodology is to pick samples.
Do I need to pick samples when I can run the tool to generate a report of non-compliant records for me?
Nothing is more accurate than auditing 100% of your activity.
I would start with the report, but would inquire as to whether or not good explanations for the variances exist. You don't want to blindly accept the report results without doing some background work to ensure that the reported variances are accurate and proper.