CISP and SOX 107



  • Non-repudiation appears to be part of SOX, am I right? But not part of CISP (strangely) - anyone know? I will fail SOX but not fail CISP if I don't have non-repudiation of credit card transactions??





  • Non-repudiation appears to be part of SOX, am I right? But not part of CISP (strangely) - anyone know? I will fail SOX but not fail CISP if I don't have non-repudiation of credit card transactions??
    Non-repudiation is an objective in both COBIT and COSO.
    ‘Where appropriate, controls exist to ensure that transactions cannot be denied by either party and that controls are implemented to provide nonrepudiation of origin or receipt, proof of submission and receipt of transactions.’ DS 5.15
    However… If, after doing a risk/benefit analysis, you determine that it's not economically or otherwise feasible for you to meet this requirement, you need to put in controls to mitigate this risk.
    They do need to be strong controls, because if one side can repudiate, then incorrect financial information can be put into the system.
    It also depends on the dollar amounts that might be repudiated, etc.
    I think if you sit down with your controller / CFO, etc., they can come up with controls to mitigate the repudiation risk.

