As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!
Sarbanes-Oxley Act Forum: Forums
The Sarbanes Oxley Act :: View topic - Acquired company and SOX control exceptions
Posted: Thu Dec 09, 2010 10:04 am Post subject: Acquired company and SOX control exceptions
We purchased a multi-location company this year. I understand that the management's assessment of the internal controls for the acquired company can be excluded for this year end. However, the acquired locations have been using the parent company's systems to post revenue and AP, record inventory, etc which are governed by the corporate SOX controls.
There has been some errors noted during our audit for these locations. My understanding is that since the acquired locations have rolled into the parent company's systems and processes, they are included in the populations for testing and the information is subject to audit review and tesing even though the "one-free" pass is in place.
Since the acquired company is utilizing the parent company processes and systems, would any errors found in an audit review equate to corporate SOX control exceptions? Or should the locations be carved out of the sample population and excluded from audit review?
Thank you in advance for any comments.
I would place reliance on the areas that the parent company controls where the controls are universal to your subsidiaries (primarily systems controls) and scope out any manual controls at the acquired locations for SOX assertion purposes.
My guess is that any errors are user errors on the part of the acquired subsidiaries as they transitioned to the new systems. These would be what I scope out.
You would be responsible, however, to ensure that your controls around purchase (acquisition) accounting are in place when valuing assets and liabilities acquired.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters. Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox. Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.