As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!
Sarbanes-Oxley Act Forum: Forums
The Sarbanes Oxley Act :: View topic - Do you use COSO ERM for Sarbanes Oxley?
Posted: Mon Aug 29, 2005 5:10 am Post subject: COSO ERM and Sarbanes Oxley
ERM is not mandatory for SOX compliance, and implementing ERM is no small undertaking. You need time, money and commitment to culture change and all are typically in short supply at most companies.
“Enterprise” Risk Management…
"Enterprise" means an elimination of functional, departmental or cultural barriers. To move from the current fragmented risk management approach to the enterprise wide approach. To identify correlations of risks that may be overlooked in a single-focused risk management framework. Not easy at all.
That is why only 10-15% of companies needing to comply with Sarbanes Oxley, (and being busy satisfying the requirements of Sarbanes-Oxley) are implementing ERM.
ERM is the next step for many companies. Compliance with Sarbanes-Oxley lays a foundation for implementing Enterprise Risk Management (ERM) capabilities. _________________ George Lekatis
President of the Sarbanes Oxley Compliance Professionals Association (SOXCPA)
Posted: Wed May 03, 2006 7:36 am Post subject: COSO framework
Though COSO is the most popular framework available for Sarbanes Oxley internal control evaluation, there are other control frameworks also available like CoCo from canadian institute of chartered accountants, Kontrag which is a framework used in germany and so on.
Over a period of time, COSO has however become the most popular and accepted framework. It is endorsed by many professional organizations. Hope this helps.
[Edited by Admin: No self promoting URLs please in messages]
Joined: May 26, 2008 Posts: 187 Location: Switzerland
Posted: Sat Oct 17, 2009 1:31 am Post subject: COSO ERM framework for SOX
Let's not forget that implementing an ERM based on COSO's ERM framework generates a lot of consulting fees for internal control and risk consultants. This may be just the latest management or consultant's fad after lean management, business process engineering, total quality management, etc.
An analysis of the type of internal control framework used by the management of UK, German, French, Italian, Dutch, Swiss and Austrian issuers for the assessment of the effectiveness of internal control over financial reporting (i.e. from their annual reports on form 20-F) shows that only three issuers use a different framework than COSO's internal control - integrated framework. British Petroleum and the British Telecom use the Turnbull framework and HSBC Holdings uses both COSO's internal control - integrated framework and Turnbull.
In conclusion, the use of other control frameworks for SOX assessments of internal control over financial reporting is extremely rare among European foreign private issuers.
TeganZimm - could you post up that link again, just do www (dot) and then the rest of the address....not sure why the admin didn't do that for you for your first post.
Anyway, ERM is big in the financial industry sector, but all the other sectors are lagging behind. Since there isn't much more than concepts freely available, it's very hard to benchmark or even generate ERM for non-financial industry companies. Definitely going to be a huge area for personal growth for myself. I'm spearheading our ERM project at my company.
Anyway, if anyone else is involved in ERM, I'd love to bounce some ideas around and benchmark with anyone who'd be interested.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters. Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox. Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.