As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!
Sarbanes-Oxley Act Forum: Forums
The Sarbanes Oxley Act :: View topic - Wording of Risks, Controls, Control Activities...
Posted: Wed Jul 20, 2005 7:38 am Post subject: Wording of Risks, Controls, Control Activities...
I am in the process of accompaigning a SOX-Implemention project. I am facing the question at which level of process depth a control shall be defined (ie how many control activities a control can entail) or whether every control activity is a "control" itself.
Parallely we are discussing on which hierarchial lvl of processes a risk or a control objective should be worded. What are your experiences?
Joined: Sep 21, 2004 Posts: 149 Location: Northern Europe
Posted: Thu Jul 21, 2005 1:09 am Post subject:
In my firm, each control activity is a control on its own
We have different processes identified through finding what's in scope or not
These processes we have different risks (or control objectives if you'd like)
These risks are mitigated by different controls (-activities) _________________ Sarbanes Oxley Advisor
Last edited by IrquiM on Fri Jul 22, 2005 4:04 am, edited 1 time in total
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters. Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox. Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.