Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· Directory
· Downloads
· FAQ
· Forums
· Search
· Sox_Admin
· Statistics
· Submit News
· Surveys
· Top 10
· Your Account

Sarbox Compliance
The appropriately named Sarbanes-Oxley Compliance Toolkit includes a whole range of materials specifically put together to both introduce, and take you through this most important of legislation.

For detailed information see the toolkit's own website: Sarbanes-Oxley Compliance


SOX Act and Security
As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.

The SOX email storage requirements can be fulfilled using the GFI MailArchiver


SOX Advertisers


Sarbanes What?
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!

Sarbanes-Oxley Act Forum: Forums

The Sarbanes Oxley Act :: View topic - Processes outsourcing issues
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin 

Processes outsourcing issues

 
Post new topic   Reply to topic    The Sarbanes Oxley Act Forum Index -> Sarbanes-Oxley: Audit Issues
View previous topic :: View next topic  
Author Message
auditorofsox
Soxer
Soxer


Joined: Nov 15, 2005
Posts: 35
PostPosted: Wed Dec 07, 2005 1:29 pm    Post subject: Processes outsourcing issues Reply with quote
Hi,

here is the scenario:

comapany A has asked company B to make a custom software (Custom Financial Application package). At company A, there are only DBAs and Application users(ofcourse along with network engineers etc). DBAs take care of the database and users work on the app programs. Note that there is no one in the company A who knows anything about the coding of the application. Company B is responsible for the maintenance of the application.

Now, think of it..... one or more of the programmers in company B have introduced malicious code in the application. As a result, 1 penny is secretly taken out of each transaction.

Given the situation, we have two scenarios:
1) Application was developed at Company B and then deployed in company A. Techis come regularly to maintain the app.
2)App was developed in Company A.

I am looking for your opinion guys. Inputs will be appreciated...

"What ever happens, it always happens for the good"
Back to top
View users profile


Display posts from previous:   
Post new topic   Reply to topic    The Sarbanes Oxley Act Forum Index -> Sarbanes-Oxley: Audit Issues All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Forums ©

 
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters.
Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox.
Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.