applicable or no



  • Hi all
    I have one question.
    Recently, our entity has been implementing one huge risk internal control project, including the SOA.
    To make it easy, every dept has received its set of risk internal controls.
    The question which arises from this is:
    if the control seems to be not applicable to our activity, does this mean that we can remove this control from our tasks and be free from it?
    I've asked this question but he seems more confused than me.
    From my side, I think that the non-applicability removes the implementation requirement of the concerned control.
    Thanks for any advice.



  • Hi - Yes, it is sometimes difficult to separate department v. company-wide controls during the implementation of SOX. If a certain standard is deemed necessary to support SOA controls in the company as a standard practice for all, then it may need to be followed.
    I've indeed seen SOX misinterpreted and implementers creating a lot of unnecessary work in trying to control non-applicable exposures. SOX controls are best used for financial concerns, but sometimes to control a financial exposure everyone in the company must adhere to it (example: IT security).
    SOX is usually silent on detailed matters like this. If you have a contact in your company heading up SOX, you might share your concerns and see if you can be exempted from the process.



  • Hi Harrywaldron
    Thanks for the reply.
    I would agree with you if the corporate board of the company had considered some of the control requirements as applicable.
    Actually they did for some, but for others, they sent them to the different units with the requirement to first give the status, whether it is applicable or not to our unit, then define the process owner.
    IMO, since they ask us to decide if it is applicable or not, and for sure to give a reason, we can assume one as non-applicable and give sufficient reason to show this.
    My confusion is: once we, as a unit, decide it is non-applicable and this is accepted by the high level within the company, can we remove it from our control requirements or not? The control is focusing on financial matters, but no one can say that all the financial topics and duties are similar in all units of the same company when it has a lot of kinds of activity and acts in different sectors.
    Thanks for any advice.

