SOX Implementation 2222



  • Dear Friends,
    I am on the process of learning and reasearching about SOX. And I do have some questions in mind that I may need clear answers and opinions.

    1. Is section 404 is the only requirement that IT department shall comply with?
    2. Is SOX does have an equivalent ISO standards?
    3. What are the mandatory documents needs to be established in order to be SOX compliant?
      That’s it for now.
      Thanks…
      dennis_CA_SOX


  • Hi Dennis and welcome to the forums 🙂
    The following are brief answers:

    1. SOX 404 represents a framework of controls, management is to responsible for to ensure financial IT systems are adequately protected. This includes good security, 7 year retentions of information, documentation, etc.
    2. There are no ISO or other standard equivalents
    3. COBIT 4 is a good starting point, plus reading some of the prior threads in the IT section. You might want to search on keywords like: testing, sampling, policies, documentation, retention, etc. (e.g., I couldn’t locate an overall outline quickly)


  • Thank you harry…
    how about for ISO 27001, does SOX have compatibility with this standard? does it answer its requirements?



  • ^ Hi Dennis – While, there’s no direct tie-in with SOX on any of the ISO security standards, there are indeed overlaps in the protective goals for risks pertinent to financial systems. For example, some of our policies, standards, and procedures related SAS 70 and other disciplines, also help us better meet SOX requirements.
    As SOX auditors evaluate meeting these requirements, they will certainly take additional ISO or other approaches into consideration. Still, SOX has it’s own unique traits that have to be met above and beyond any other standards - which unfortunately adds to the costs 😞
    I’m more of an IT person than an overall SOX coordinator. While I have an idea on what’s needed, there is a need to thoroughly research specifics for your company . Also, work with your external auditors and hopefully they can help get you all started – as you’re paying for their services.
    As there are differences between company sizes and with new SOX requirements forthcoming, I’d suggested reviewing some of the following links (including links on a few pages of the Google search).
    The KPMG PDF link at the bottom is EXCELLENT as an outline of SOX 404 requirements 🙂 I downloaded a personal copy for myself (880MB, 48 pages).
    SOX 404 Requirement links (avoid the sales links)
    Please paste to browser and add www as direct links aren’t permitted in forums
    google.com/search?hl=en-and-q=sox 404 requirements
    mcgladrey.com/Resource_Center/Audit/Articles/ImplementingSOX_AnIntroduction.html
    Powerpoint presentation
    Please paste to browser and add www as direct links aren’t permitted in forums
    hftpcoloradofrontrange.org/dwnlds/HFTP_SOX_Presentation.ppt
    PDF presentation (excellent)
    Please paste to browser and add www as direct links aren’t permitted in forums
    kpmg.com/aci/docs/PCAOB_S-O_404_v9.pdf



  • Thank you harry. youve been a great help. if i have questions i will contact you again. thanks. 😄


Log in to reply