The Sarbanes Oxley Act :: View topic - SOX 404 workload

SOX 404 workload

 
Auditguru
Newbie
Joined: Apr 02, 2008
Posts: 1

Posted: Wed Apr 02, 2008 11:49 am    Post subject: SOX 404 workload

Hi,

I have just been hired to do SOX 404; previously I have been doing 302. My questions are:

1. I don't really think much work has been done by my company other than preparation of some matrix and documentation which is not yet fully complete. In your experience how long will it take? I will start work from July and the deadline is Sept 08 :)

2. I have heard someone tell me that the company requires an in-house CPA to head this SOX Compliance. Is it correct, and if yes, does this in-charge have to sign off on something at the end or is it just to ensure that having a CPA is better as he/she will have the required knowledge? I am asking because I don't have a CPA but plenty of knowledge and experience to complete the task, so can I also head the team?
harrywaldron
SoxGuru
Joined: Jan 12, 2006
Posts: 849
Location: Roanoke, Virginia

Posted: Wed Apr 02, 2008 1:13 pm

Hi and welcome to the forums :)

Below are some ideas that might help you get started:

Quote:
1. I don't really think much work has been done by my company other than preparation of some matrix and documentation which is not yet fully complete. In your experience how long will it take? I will start work from July and the deadline is Sept 08


SOX 404 requirements will vary greatly by company (e.g., depending on levels and types of automation, risk factors, etc.). This can take considerable time to learn and implement, and just one quarter to build a full SOX 404 framework does not seem like enough time to me.

A few success factors are noted below for a good SOX 404 experience:

1. Training - As SOX 404 is nebulous and subject to interpretations, get good training so that you know what must be done (no more or no less than required)

2. Setting up Detailed SOX 404 plan

3. Walkthrough and approval by SOX External auditors

4. Ensuring senior management support on resources for documentation, testing, and to make needed changes.

5. COBIT 4.1, GAIT, and GTAG might be some good resources to read (many external auditors use COBIT checklists as key considerations to ascertain SOX 404 compliancy)

TWO FREE RESOURCES:
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums&file=viewtopic&t=1920

Please copy link to browser as outside links aren't permitted in forums

Code:
http://msmvps.com/blogs/harrywaldron/archive/2008/03/27/sarbanes-oxley-404-requirements-iia-s-gait-and-gtag-free-resources.aspx


Quote:
2. I have heard someone tell me that the company requires an in-house CPA to head this SOX Compliance. Is it correct, and if yes, does this in-charge have to sign off on something at the end or is it just to ensure that having a CPA is better as he/she will have the required knowledge? I am asking because I don't have a CPA but plenty of knowledge and experience to complete the task, so can I also head the team?


There's no requirement for a CPA to head up SOX 404 compliancy within the statutory requirements that I'm aware of. In fact, an individual with a strong audit background might do a good job as well in designing control systems, etc. I would ensure the SOX 404 leader is well trained (and even invest in some of the good offsite training available where networking with other professionals and guidelines might help one get started).

Please copy link to browser

Code:
http://www.google.com/search?hl=en&q=sox+404+training
http://www.theiia.org/iia-training/
Igor13
SeniorSoxer
Joined: Oct 03, 2006
Posts: 63
Location: USA

Posted: Mon Apr 07, 2008 3:00 pm

I think it also depends on the size of the company, number and proximity of locations that are in scope, the number of people working on the 404 project, the experience levels of those people, and whether or not all parties (process owners) are committed to making the project a success. I'm assuming that the September '08 deadline is for documentation only and that testing of key controls will then commence. In my experience, most personnel initially do not view SOX as an integrated part of their daily work routine and tend to give it a low priority, causing deadlines to be missed, which of course is detrimental to any project.

As mentioned, set up a 404 plan, create schedules to include specific responsibilities for all personnel, time lines (be conservative), due dates, different project phases, etc. Also, read the SEC's interpretive guidance that was issued last year, in addition to AS 5 (although AS 5 was issued by the PCAOB for EA's). Something else, make sure there is someone on your staff who is proficient with IT controls and that the financial and IT components of SOX are working together towards a common end. Communicate frequently with all parties involved what the expectations are, and create status reports to communicate to upper management the progress of the SOX effort.

Good luck!
harrywaldron
SoxGuru
Joined: Jan 12, 2006
Posts: 849
Location: Roanoke, Virginia

Posted: Tue Apr 08, 2008 6:40 am

Igor13 wrote:
In my experience, most personnel initially do not view SOX as an integrated part of their daily work routine and tend to give it a low priority, causing deadlines to be missed, which of course is detrimental to any project.


This is wise advice and represents why senior management backing on meeting SOX compliancy is so important :)

Igor13 wrote:
Also, read the SEC's interpretive guidance that was issued last year, in addition to AS 5 (although AS 5 was issued by the PCAOB for EA's)


Below are some links that might help in this process:

Code:
http://www.pcaob.org/Rules/Docket_021/2007-05-24_Release_No_2007-005.pdf
http://www.sec.gov/rules/interp/2007/33-8810.pdf
http://en.wikipedia.org/wiki/SOX_404_top-down_risk_assessment
http://en.wikipedia.org/wiki/Auditing_Standards_Board
http://www.itcinstitute.com/display.aspx?ID=3600
http://www.google.com/search?hl=en&q=pcaob+as5
All times are GMT - 6 Hours