Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· Directory
· Downloads
· FAQ
· Forums
· Search
· Sox_Admin
· Statistics
· Submit News
· Surveys
· Top 10
· Your Account

Sarbox Compliance
The appropriately named Sarbanes-Oxley Compliance Toolkit includes a whole range of materials specifically put together to both introduce, and take you through this most important of legislation.

For detailed information see the toolkit's own website: Sarbanes-Oxley Compliance


SOX Act and Security
As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.

The SOX email storage requirements can be fulfilled using the GFI MailArchiver


SOX Advertisers


Sarbanes What?
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!

Sarbanes-Oxley Act Forum: Forums

The Sarbanes Oxley Act :: View topic - Wording of Risks, Controls, Control Activities...
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin 

Wording of Risks, Controls, Control Activities...

 
Post new topic   Reply to topic    The Sarbanes Oxley Act Forum Index -> Control Methodologies
View previous topic :: View next topic  
Author Message
Telco
Newbie
Newbie


Joined: Jul 20, 2005
Posts: 1

PostPosted: Wed Jul 20, 2005 7:38 am    Post subject: Wording of Risks, Controls, Control Activities... Reply with quote

Hi everyone,

I am in the process of accompaigning a SOX-Implemention project. I am facing the question at which level of process depth a control shall be defined (ie how many control activities a control can entail) or whether every control activity is a "control" itself.

Parallely we are discussing on which hierarchial lvl of processes a risk or a control objective should be worded. What are your experiences?

Cheers in advance.
Back to top
View users profile
IrquiM
MasterSoxer
MasterSoxer


Joined: Sep 21, 2004
Posts: 149
Location: Northern Europe

PostPosted: Thu Jul 21, 2005 1:09 am    Post subject: Reply with quote

In my firm, each control activity is a control on its own

I.e.

We have different processes identified through finding what's in scope or not
These processes we have different risks (or control objectives if you'd like)
These risks are mitigated by different controls (-activities)
_________________
Sarbanes Oxley Advisor


Last edited by IrquiM on Fri Jul 22, 2005 4:04 am, edited 1 time in total
Back to top
View users profile Send email MSN Messenger
Melly
Newbie
Newbie


Joined: Feb 11, 2005
Posts: 9

PostPosted: Fri Jul 22, 2005 3:34 am    Post subject: Reply with quote

We do it the same - one control is one activity only!
Back to top
View users profile


Display posts from previous:   
Post new topic   Reply to topic    The Sarbanes Oxley Act Forum Index -> Control Methodologies All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Forums ©

 
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters.
Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox.
Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.