Is everyone set for a timely SOX completion? 278



  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • Why would you now be identifying these ‘manual controls that we have to mitigate missing system controls.’ Did you not map to finance way back? As in IT sitting with finance, assesing finances key material controls and determining what is key for IT to assess in support of finance?
    Our mapping was done in June and we are almost final with all remediation from the DE and OE assessments across all entities of the company (inc’l Intl)



  • It’s a long story - new GL system mid-year, late start in documenting IT controls, etc. Not enough resources to test all IT controls or remediate missing controls, so we are placing a heavier reliance on manual controls this year than we will going forward.
    Everything about this project is taking longer than planned to complete.



  • That would explain it, I feel for you. It is a hard enough process without delays…
    24 X 7 you should be done on time :-}



  • That would explain it, I feel for you. It is a hard enough process without delays…
    24 X 7 you should be done on time :-}
    Thanks for the words of encouragement 😢



  • you were supposed to be laughing, calling me names :-}
    Come on… cheer up



  • It’s a long story - new GL system mid-year, late start in documenting IT controls, etc. Not enough resources to test all IT controls or remediate missing controls, so we are placing a heavier reliance on manual controls this year than we will going forward.
    Everything about this project is taking longer than planned to complete.
    Are you documenting and evaluating programme development controls as part of your general computer controls too? I suspect that this is an area that might catch companies out - they implement a new G/L or other financial application and realise that they had not documented, evaluated or tested application controls during the process with the result that they have to do it post go-live when it is costly to retrofit. In my experience, internal controls are seldom considered in application design architecture or specifically tested during UAT.



  • It may not be commonly the case, but I worked for a major UK company in IT audit, and we had an auditor sign off all major financial projects at each milestone to say that controls had been addressed. Smaller projects would be reviewed before go-live. This was way before SOX…
    Prior to that I worked in IT audit for one on the Big audit firms, and we regularly reviewed new apps for clients before they went live to check for control issues.
    Good companies do check controls as part of their project management.


Log in to reply