The appropriately named Sarbanes-Oxley Compliance Toolkit includes a whole range of materials specifically put together to both introduce, and take you through this most important of legislation.
As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.
The SOX email storage requirements can be fulfilled using the
GFI MailArchiver
SOX Advertisers
Sarbanes What?
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!
Sarbanes-Oxley Act Forum: Forums
The Sarbanes Oxley Act :: View topic - Getting started with SOX
Posted: Fri May 27, 2005 3:02 am Post subject: Getting started with SOX
Hi,
Can someone please point me in the direction of getting started with SOX documentation. My own vision on doing this is to initially put in place some high level documentation which take a look at the organisation the functional areas. Explain what each area does, and then document processes & procedures which would impact the financial statements of the organisation.
Something like this would perhaps facilitate the SOX audit process, in terms of getting a high level view of the organisation the processes and policies and procedures.
I am hoping someone can point in the direction of getting some templates in place and perh aps get hold of example documentation.
based on the attached RCM template here, the starting basis appeared to be process/ dept level i.e., Payroll.
From there, controls within Payroll process are identified to ascertain how they can ensure completeness, accuracy, validity etc etc of Payroll reporting.
So, we just tick the applicable Assertions that the identified controls can fulfil?
Will this be the correct approach to complete this RCM?
Joined: Nov 25, 2004 Posts: 787 Location: London, UK
Posted: Tue Jul 22, 2008 2:47 am Post subject:
foofam77 wrote:
just to confirm:
based on the attached RCM template here, the starting basis appeared to be process/ dept level i.e., Payroll.
From there, controls within Payroll process are identified to ascertain how they can ensure completeness, accuracy, validity etc etc of Payroll reporting.
So, we just tick the applicable Assertions that the identified controls can fulfil?
Will this be the correct approach to complete this RCM?
You've missed a step. Before jumping to the controls you need to identify the control risks/control objectives that the controls are going to address.
I have found it easiest to think of control risks in terms of What Can Go Wrong? So at each stage of the process you will identify a bunch of risks e.g. leaver is not removed from payroll, payroll deductions are incorrectly calculated or employee is paid for fictitious overtime. These risks will have an assertion (possibly more than one) attached to them and you should then look for controls that manage that risk - bearing in mind that a single control may not cover all assertions against the risk. _________________ "The art of life is to deal with problems as they arise, rather than destroy one's spirit by worrying about them too far in advance" - Cicero
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters. Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox. Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
aps get hold of example documentation.
