General questions on SOX 2355



  • Hey guys just wondering if anyone had info and articles regarding the following questions.

    1. Last year the deadline for public corps under USD75 million market cap to comply with SOX was Dec 15. Does anyone know if that deadline was again suspended?
    2. With regards to SOX compliance software, is it mandatory or just an advantage for firms to employ them?
    3. What is the average cost spent on SOX compliance software and what are their disadvantages and benefits?
    4. Besides a stronger internal control system (better checks and balances) that allows for better decision making for both investors and management, are there any other benefits to the internal controls that SOX provides?
    5. What exactly are the requirements that SOX imposes on the internal control systems of companies? Are firms to employ a particular format when it comes to various aspects of IT, are they supposed to include certain information or headings in their reports and statements? (I already know about the requirement of the IT evaluation, I just wanted to know if there were any other specifics.)
      Thanks for your anticipated help which will be greatly appreciated.
      Scott


  • Hi Scottie - Below are some quick responses … Please copy any URLs to your browser, as direct links are not permitted in forums:

    1. Below is the latest info from SEC found for smaller company requirements
      http://www.sec.gov/info/smallbus/src-cdinterps.htm
    2. The purchase of SOX compliancy software is not mandatory under SOX 404 provisions.
    3. Unsure on average costs as it will vary greatly based on what is needed for compliancy and the specific approaches taken by company.
      ADVANTAGES: Automated solutions can help improve Change Management, Change Control, Excel spreadsheet lockdowns/testing, etc. over manual approaches.
      DISADVANTAGES: Costs and sometimes the automated software solution isn’t a good technological fit for the company or it may be difficult for users to adapt to.
    4. A search of the forums using the keyword Benefits provides some past discussions on PROS/CONS. If done properly, it can streamline some existing inefficient workflows and improve the quality and protection of financial information throughout the company. Doing a good job on SOX also improves the company's prospects on other audits (e.g., ITGC, SAS 70, etc.)
      http://www.sarbanes-oxley-forum.com/modules.php?name=Forums&file=viewtopic&t=2179
      http://www.sarbanes-oxley-forum.com/modules.php?name=Forums&file=viewtopic&t=1901
    5. External SOX auditors often use COSO (financial controls) and COBIT (IT controls) as guidelines for control. Good classical audit controls like ‘separation of duties’, ‘autonomy levels’, documented standards and procedures, etc. all help with SOX compliancy.
      COSO
      http://www.coso.org/
      COBIT 4.1 - Free copy
      http://www.sarbanes-oxley-forum.com/modules.php?name=Forums&file=viewtopic&t=1920


  • Regarding question 5, I have what I think is a nice template regarding General Computer Controls and the typical controls you will want to ensure are documented and they are in line with COBIT and COSO (have been accepted by our auditors). I think it would be at a minimum a very good starting point.
    If you want me to email you a copy, let me know. I would post here for everybody, but I don’t think I can attach a document.



  • you can email me at scottiebee78 at hotmail dot com

