Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· Directory
· Downloads
· FAQ
· Forums
· Search
· Sox_Admin
· Statistics
· Submit News
· Surveys
· Top 10
· Your Account

Sarbox Compliance
The appropriately named Sarbanes-Oxley Compliance Toolkit includes a whole range of materials specifically put together to both introduce, and take you through this most important of legislation.

For detailed information see the toolkit's own website: Sarbanes-Oxley Compliance


SOX Act and Security
As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.

The SOX email storage requirements can be fulfilled using the GFI MailArchiver


SOX Advertisers


Sarbanes What?
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!

Sarbanes-Oxley Act Forum: Forums

The Sarbanes Oxley Act :: View topic - SOX Compliance
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin 

SOX Compliance

 
Post new topic   Reply to topic    The Sarbanes Oxley Act Forum Index -> General Sarbanes Oxley Discussion
View previous topic :: View next topic  
Author Message
sox_newbee
Newbie
Newbie


Joined: Apr 13, 2006
Posts: 4

PostPosted: Mon Jun 26, 2006 11:06 am    Post subject: SOX Compliance Reply with quote

I work for a IT Company - sister company for a Freight Logistics. The parent company is trying to go for SOX Compliance next year. I have been asked by my Manager to give him a plan how the sister company can go for sox compliance. I have no idea what that is. I am a Quality Assurance Consultant not an internal auditor.

Can someone please help me to know what are the prelim things that i have to do and any sample phase plans for going sox compliance.

Any help in this regard would be of great help

Thanks in Advance.

-RAJ
Back to top
View users profile
harrywaldron
SoxGuru
SoxGuru


Joined: Jan 12, 2006
Posts: 849
Location: Roanoke, Virginia

PostPosted: Mon Jun 26, 2006 12:14 pm    Post subject: Reply with quote

Below is an updated list of recommendations, from one I had previously shared ... To me, the cornerstones for success include: Planning, Training, and Commitment ... Good luck to you icon_smile.gif


SOME GENERAL RECOMMENDATIONS FOR SOX IMPLEMENTATION

1. Set up a Project Plan for meeting SOX compliancy requirements (Research and explore what is needed prior to doing anything). Good planning will pay dividends for establishing this process.

2. Get training right away. The core team and especially the leader of the process should invest a week or so in training. Consider attending a formal seminar away from work where you can focus and interact with other participants. This will create a good foundation for what's required.

3. Perform an inventory of all your IT applications. Identify all of your financial systems and look for any indirect relationships.

4. In conjunction with the inventory, examine the workflow and human factors surrounding financial processing.

5. After the inventory, perform a Risk Management study on all your financial applications (looking at possibilities that someone could either accidently or alter financial records)

6. Look at ways of strengthening the Financial process and implement new controls (e.g., versioning, change management, and security)

7. Evaluate random sampling controls and requirements for your financial applications to setup a testing/sampling program on controls each quarter or month, depending on the needs.

8. Evaluate the SOX 404 standards for best practices associated with IT control improvements. Set up a plan to implement and improve standards. Evaluate the COBIT 4.0 standards for IT controls over financial applications (note that COBIT 3.0 is the minimal acceptance level)

9. Work closely with both internal and external auditors and gain their approvals for the work that will be done.

10. Setup an e-Library (electronic documentation library) to include all your SOX documents, test plans, communications, etc.

11. Make sure you obtain senior management support for the process. It is an important aspect for implementing change. They must also support the additional work, human resources, and costs that will be needed to gain compliancy.

12. After the initial process is implemented, continue to improve the SOX controls and keep up-to-date with changes in business and legal requirements.
Back to top
View users profile Visit posters website
sox_newbee
Newbie
Newbie


Joined: Apr 13, 2006
Posts: 4

PostPosted: Tue Jun 27, 2006 10:18 am    Post subject: Thank You - More Info Please Reply with quote

Thanks a lot for the reply.

I did some research on sox compliance. If you can give me more info regarding COSO Framework - Does IT has to comply with COSO Framework and COBIT 4.0 ? Please help me.

My boss is asking me to give a prelim presentation of what are the pre- requisites for going to sox compliance.

It would of great help if you can provide me with any kind of check list..

Thanks in Advance

-RAJ
Back to top
View users profile
harrywaldron
SoxGuru
SoxGuru


Joined: Jan 12, 2006
Posts: 849
Location: Roanoke, Virginia

PostPosted: Tue Jun 27, 2006 1:14 pm    Post subject: Reply with quote

These prior links might help provide more background information:

Background & Links for SOX, COSO,and COBIT
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums&file=viewtopic&t=1516

COBIT Maturity Level for SOX Compliance
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums&file=viewtopic&t=1534

Note Denis and Milan's excellent advice in this thread related to COBIT icon_smile.gif ... While it's not necessarily mandatory, it's highly advisable to be COBIT-compliant, as many of the audit firms feel it is the most applicable IT framework for SOX compliancy

ISO27001/BS7799 Certification vs. Sarbox Compliance
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums&file=viewtopic&t=1584
Back to top
View users profile Visit posters website
milan
SoxGuru
SoxGuru


Joined: Oct 17, 2005
Posts: 415
Location: NY

PostPosted: Tue Jun 27, 2006 3:09 pm    Post subject: Freight Logistics Concern - Financial Reporting Risks Reply with quote

Select Freight Logistics/Forwarder Financial Reporting Risks:

* Contingent liabilities including environmental, legal, damage and injury liabilities are not properly valued/supported.

* Damage reserves, debt compliance, and liquidity.

* Valuation of fixed assets, fleet, materials and supplies, and intangibles.

* Deferred tax assets/liabilities are not properly valued.

* Assets, including goodwill and other intangibles, are not properly valued.

* Customer refund obligations and revenues or customer contract obligations / impairments are not properly valued and disclosed.

* Presentation and valuation of trade receivables.

* Debt compliance and liquidity.
Back to top
View users profile Send email


Display posts from previous:   
Post new topic   Reply to topic    The Sarbanes Oxley Act Forum Index -> General Sarbanes Oxley Discussion All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Forums ©

 
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters.
Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox.
Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.