Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· Directory
· Downloads
· FAQ
· Forums
· Search
· Sox_Admin
· Statistics
· Submit News
· Surveys
· Top 10
· Your Account

Sarbox Compliance
The appropriately named Sarbanes-Oxley Compliance Toolkit includes a whole range of materials specifically put together to both introduce, and take you through this most important of legislation.

For detailed information see the toolkit's own website: Sarbanes-Oxley Compliance


SOX Act and Security
As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.

The SOX email storage requirements can be fulfilled using the GFI MailArchiver


SOX Advertisers


Sarbanes What?
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!

Sarbanes-Oxley Act Forum: Forums

The Sarbanes Oxley Act :: View topic - "RIGHT TO AUDIT" Clause in contract with software
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin 

"RIGHT TO AUDIT" Clause in contract with software

 
Post new topic   Reply to topic    The Sarbanes Oxley Act Forum Index -> Sarbanes-Oxley: IT Issues
View previous topic :: View next topic  
Author Message
katerina
Newbie
Newbie


Joined: Aug 09, 2006
Posts: 3
Location: Greece

PostPosted: Tue Sep 26, 2006 9:06 am    Post subject: "RIGHT TO AUDIT" Clause in contract with software Reply with quote

We use a backoffice application, which we have requested the software vendor to modify in a big extent, to cover our core business needs.
All changes are developed and implemented by the supplier's personnel and testing is done by both (in minor changes they do the testing themselves whereas in major changes or additions, we set up a test environment for this purpose and do the testing). The vendor does not have any kind of certification like SAS 70. We were told by our internal auditors that we should add a "right to audit" clause in our contract, which will allow us or an external auditor to verify that the vendor performs all the tasks related to our project in accordance to the procedures we have indicated (on how to manage changes to the application and how to perform testing and implementation). Can anyone provide me with a sample clause, as i need some help with the wording.
Much appreciated!
Back to top
View users profile
harrywaldron
SoxGuru
SoxGuru


Joined: Jan 12, 2006
Posts: 849
Location: Roanoke, Virginia

PostPosted: Tue Sep 26, 2006 10:11 am    Post subject: Reply with quote

Hi Katerina -- Ultimately, I'd recommend getting the corporate legal department involved for specific wording and to negotiate these legal terms & conditions with the vendor's legal counsel.

Some of our members may share suggested wording. In the past, I've submitted the ideas to our corporate counsel who in turn developed it more appropriately in legal terms. I would have not made a good lawyer icon_wink.gif but here's at least one idea to send to your legal department:

Quote:
"The customer reserves the right to audit or inspect work performed by the vendor. The customer may participate directly or through an appointed representative, e.g., external auditor, in order to verify that the tasks related to this project have been performed in accordance to the procedures indicated"


Some results from searching are noted below. I found that it's interesting that the reverse situation is often true (e.g., vendor has the "right to audit" it's customers for proper license compliancy), so hopefully they might recipocate in allowing this to be specified contractually..


Please add www and paste into browser
google.com/search?hl=en&lr=&q=software+vendors+right+to+audit+clause
google.com/search?hl=en&q=right+to+audit+clause
summerfordcpa.com/RQSVendorAudit.pdf

No www needed
biztechnet.org/index.php?option=com_content&task=view&id=1&Itemid=2
Back to top
View users profile Visit posters website
katerina
Newbie
Newbie


Joined: Aug 09, 2006
Posts: 3
Location: Greece

PostPosted: Wed Sep 27, 2006 1:24 am    Post subject: Reply with quote

Thanks! I will try to write something reasonable!
Back to top
View users profile
milan
SoxGuru
SoxGuru


Joined: Oct 17, 2005
Posts: 415
Location: NY

PostPosted: Wed Sep 27, 2006 4:46 pm    Post subject: "Right to Audit Clause" Language Examples Reply with quote

Example I:
RIGHT TO AUDIT: ABC Company, at its own expense, shall have the right at all reasonable times during normal business hours and upon at least twenty-four (24) hours advance notice, to audit, to examine, and to make copies of or extracts from the books of account and records maintained by Contractor with respect to the Services.


Example II:
ABC Company and its authorized representatives shall have the right to direct access to all of XYZ Service Provider's IT equipment, documents, papers and records related to this Contract for the purpose of conducting audits and examinations and making copies, excerpts and transcripts. These records also include licensed software and any records in electronic form, including but not limited to computer hard drives, tape backups and other such storage devices. ABC Company shall reimburse Contractor for Contractor's cost of preparing copies.


Example III:
Section XXX AUDITS
ABC Company shall have the right to audit all books and records (in whatever form they may be kept, whether written, electronic or other) relating or pertaining to this contract or agreement (including any and all documents and other materials, in whatever form they may be kept, which support or underlie those books and records), kept by or under the control of the Contractor, including, but not limited to those kept by the Contractor, its employees, agents, assigns, successors and subcontractors.

The Contractor shall maintain such books and records, together with such supporting or underlying documents and materials, for the duration of this contract or agreement and for at least # years following the completion of this contract or agreement, including any and all renewals thereof. The books and records, together with the supporting or underlying documents and materials shall be made available, upon request, to ABC Company, through its employees, agents, representatives, contractors or other designees, during normal business hours at the Contractor's office or place of business. In the event that no such location is available, then the books and records, together with the supporting or underlying documents and records, shall be made available for audit at a time and location at, location, which is convenient for ABC Company.

Hope this helps,

Milan
Back to top
View users profile Send email


Display posts from previous:   
Post new topic   Reply to topic    The Sarbanes Oxley Act Forum Index -> Sarbanes-Oxley: IT Issues All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Forums ©

 
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters.
Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox.
Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.