As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!
Sarbanes-Oxley Act Forum: Forums
The Sarbanes Oxley Act :: View topic - Can a purchasing agent place an order and then receive it?
Posted: Tue Sep 25, 2012 1:49 pm Post subject: Can a purchasing agent place an order and then receive it?
Is it a SOX audit point if a purchasing agent place the requisition, approves the requisition, receives the PO and enters the invoice? If so, can you point me to the SOX audit point? I believe that a purchasing agent can't also receive goods but I'd like to have some backup but can't find anything.
You won't find anything in SOX rules, as they are very general.
However, SOX requires each company to adopt a control framework, of which COSO is the most prominent.
COSO says that "segregation of duties generally entails dividing the responsibility for recording, authorizing, and approving transactions, and handling the related asset."
Therefore, it appears that you have a segregation of duties issue. However, you must also consider what other controls are in place that might mitigate this issue. Smaller companies generally do not have the staff to segregate all functions like a larger company would. If that is the case, then where segregation of duties issues exist, mitigating controls should be identified.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters. Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox. Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.