The appropriately named Sarbanes-Oxley Compliance Toolkit includes a whole range of materials specifically put together to both introduce, and take you through this most important of legislation.
As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.
The SOX email storage requirements can be fulfilled using the
GFI MailArchiver
SOX Advertisers
Sarbanes What?
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!
Sarbanes-Oxley Act Forum: Forums
The Sarbanes Oxley Act :: View topic - Findings Framework - process to aggregate deficiencies
Joined: Mar 28, 2008 Posts: 2 Location: San Jose, CA
Posted: Fri Mar 28, 2008 12:02 pm Post subject: Findings Framework - process to aggregate deficiencies
Hello All,
I work in the Corporate Finance / SOX Compliance group for a public company in Silicon Valley.
We are refining our internal Findings Ranking Framework. We have built it upon the old (but last published edition) Big9 2004 framework, SEC / AS5 guidance, and IIA GAIT guidance.
As SOX audit test result findings come up we rank each individually (with no consideration to mitigating controls) as deficiency, minor finding, or process improvement. We then do a quarterly aggregation on deficiencies to rank as Defic, Sig Defic, or MW and we also consider at this point the mitigating controls and collective deficiencies by account class (revenue, cogs, etc).
Section 404 states that determination should be made that controls are operating effectively "as of year-end". So my question is, if deficiencies were identified during the course of the year but since remediated and retested with a "pass" then should we no longer include these in the periodic aggregations (since they are operating effectively as of "year-end"? IE, aggregations should technically only be done on "open" deficiencies?
Joined: Nov 25, 2004 Posts: 787 Location: London, UK
Posted: Tue Apr 08, 2008 7:49 am Post subject:
seconded _________________ "The art of life is to deal with problems as they arise, rather than destroy one's spirit by worrying about them too far in advance" - Cicero
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters. Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox. Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
