Change Management Approval under SOX 73



  • I am looking for the SOX interpretation regarding and#8220;manager approval_and_#8221; on the IT side of change management.
    Scenario:
    Developers writing code in language A
    Focused on area B of the business
    What knowledge does the manager for this group of developers have to possess?

    1. Do they have to have any specific knowledge of language A?
    2. Do they have to have any specific knowledge of area B of the business?
      The manager is not a ‘Language A’ programmer and is knowledgeable of area B of the business. Should the manager approve changes made by the team without audit issues?
      Thanks in advance.


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • So, you have a business requirement which has to be build into a piece of software by developers.
    The process will - at a high level - more or less look like:
    Request, Approval of the Request, Softwaredevelopement, IT Test, User Test, Buisness Line Approval and Going Live.
    The IT Manager involved should be capable to understand the General IT Process of the SDLC and the applying company policies. He also should understand Software Quality. And finally he will get a kind of sign-off by the business line.
    The process will include some risks and related key controls which he should be aware of. And he should know about the impact his process has to the financial reporting of his company.



  • I agree 100 percent with the above poster…
    One thing to add though. If your own company policies require X education and Y experience and the manager in question above dosen’t meet those requirements then you need to identify the person as non-compliant with your own requirements and think of manual controls to ensure the quality of the persons work etc.
    Or you can just change the job requirements :lol:


Log in to reply