As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!
Sarbanes-Oxley Act Forum: Forums
The Sarbanes Oxley Act :: View topic - Canadian SOX requirements
Posted: Fri Jun 04, 2004 1:30 pm Post subject: canadian requirements
I have heard there are quite a few differences, and all sites I have found deal with US regulations. While they may be the same, is there a site directed towards Canadian regulations for SOX?..the associated Bill 198/ or 196?
Joined: Apr 27, 2004 Posts: 21 Location: The Netherlands
Posted: Sun Jun 06, 2004 4:17 pm Post subject: Re: canadian requirements
is there a site directed towards Canadian regulations for SOX?..the associated Bill 198/ or 196?
If you follow the US regulations you can't go wrong .... we did the same here in the Netherlands...
If there is a site, I wouldn't know...The associated Bill 198 is according to me UK-regulations associated Bill 197/198 try otherwise this one....
Obviously the act itself. Maybe the document "IT control requirements for sox" from www.itgi.org. You should pay close attention to the sec 302 and 404. The 404 work will take some effort, time and money. You maybe want you external auditor to perform some kind of pre-audit to point out the areas where you are required to solve some deficiencies.
Joined: Aug 10, 2004 Posts: 19 Location: Calgary Canada
Posted: Tue Aug 10, 2004 10:08 am Post subject:
I'm a little late to this discussion but I've been using the PCAOB document to provide insight on how we'll be audited. One needs to remember that this document is directed at the responsibilities of auditors not "Management" however it does provide some interesting information.
Posted: Mon Dec 06, 2004 4:44 pm Post subject: re: Candaian SOX
Actually there are differences between SOX and it's counterpart legislation in Canada (Bill 198, Ontario (200)) (mostly timing of regs coming into force but some differences in regs as well). A quick overview of the Bill and the differences can be found at intaudit.edmonton.ab.ca/newsltr/iianews/ 2004/Dec%2004/Bill%20198%20(Overview)%20II%20A%20presentation.pdf
This only applies to companies which are listed solely in Canada. If your company is listed on an SEC regulated exchange then you do have to comply with SOX.
Joined: May 26, 2008 Posts: 187 Location: Switzerland
Posted: Tue May 27, 2008 11:43 am Post subject: Canadian SOX provision
In Canda the following applies (text from Ontario Securities Commission's website CANADIAN SECURITIES ADMINISTRATORS NOTICE 52-313):
After careful consideration of the feedback received and recent developments internationally, particularly in the US, we propose to expand MI 52-109 to include the internal control reporting requirements discussed below.
• The CEO and CFO of a reporting issuer, or persons performing similar functions, will be required to certify in their annual certificates that they have evaluated the effectiveness of the issuer's internal control over financial reporting as of the end of the financial year. They will also be required to certify that, based on their evaluation, they have caused the issuer to disclose in its annual MD&A their conclusions about the effectiveness of internal control over financial reporting as of the end of the financial year.
• As noted above, the issuer's annual MD&A will include disclosure regarding its internal control over financial reporting. This disclosure will include a description of the process for evaluating the effectiveness of the issuer's internal control over financial reporting and the conclusions about the effectiveness of internal control over financial reporting as of the end of the financial year.
The issuer will not be required to obtain from its auditor an internal control audit opinion concerning management's assessment of the effectiveness of internal control over financial reporting.
The board of directors and its audit committee, in consultation with management, may choose to consider whether they wish to engage the issuer's auditor to assist in discharging their respective responsibilities for (i) the issuer's internal control systems and (ii) review and approval of the issuer's annual MD&A. However, engagement of the auditor will not be a requirement under MI 52-109.
The proposed internal control reporting requirements discussed above do not diminish the existing obligations of the issuer's auditor under generally accepted auditing standards to (i) understand the issuer's internal controls relevant to the audit of the issuer's financial statements and (ii) read materials with which the auditor is deemed to be associated, such as the issuer's MD&A, assess whether they are inconsistent with their knowledge and take appropriate action if they are aware of any material misstatements of fact or, if applicable, misrepresentations.
I hope this clarifies the question on the Canadian requirements.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters. Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox. Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.