6. Staff Requirements 281

Staff Requirements 281

  • E

    I am trying to gather some information to justify more people for my organizations sarbanes oxley effort. We are going through our first round final audits and I am a staff and manager of myself in this effort. I work for a newspaper in the Baltimore MD area that is part of the Tribune Organization. I am trying to find out what other organizations have on staff as far as people dedicated to this effort. What are their job descriptions and also are they dedicated 100 %to this effort. %0ARight now I’m forced to write procedures and policies on the fly and don’t have time to do monitoring like I should. We have little if any system documentation which desperately needs to be done along with many other areas of improvement. Would love to hear from anyone else regarding their efforts and staff size. %0AThank you%0AEllen

    0
  • E

    This post is deleted!
    0
  • D

    This post is deleted!
    0
  • E

    This post is deleted!
    0
  • D

    This post is deleted!
    0
  • Y

    This post is deleted!
    0
  • D

    It sounds like you are in a difficult position. To adequately work out your resource requirement you really need to have one (or several) person fully dedicated to the project scoping. It’s only once you’ve done this that you’ll be able to make the case to senior management about your resource requirements.
    As you appear to be part of a larger group you probably need to,somehow, get interfaced with the SOx programme/project team if there is one. I would put the onus on them to steer you in the right direction.
    Ultimately you can’t budger your resource unless you know what you have to deliver.
    However, it could well be that if your operation is a smaller part of a larger group that your requirement is minimal.
    Hope this helps.

    0
  • E

    I am the manager of IT Controls and Standards for the Baltimore Sun Newspaper which is part of the tribune corporation. My role is to obviously manage the Sarbanes Compliance issues, along with developing processes and procedures and monitoring their compliance. I am the only individual dedicated 100 % to these efforts. I am finding that other papers similar in size to us have 4 to 5 individuals working on these issues.

    0
  • D

    Ellen
    To a certain extent you are asking a ‘how long is a piece of string?’ question. And the answer is it depends.
    If I understand you correctly, it is the Tribune Corporation that requires to comply with SOx not the Baltimore Sun, as they are they listed company and you are their affiliate. Your compliance efforts need to be directed by them.
    That said, I also assume that you are concerned primarily (only?) with IT issues? In this case your efforts are required to support business processes i.e. the ‘financial’ part of the project needs to determine which systems are in-scope and that sets the starting point for your work. Once you know this you can refer back to CobIT for the extent of work required on the in-scope systems and start to prepare a time budget for this work - this should then give you some support for any resource issue you are trying to resolve.
    Sources of help in doing this:

    • other Companies in the Group
    • external audit
      For wehat it’s worth I don’t think even the simplest organisation could manage with one person devoted the IT part of 404 - unless you were pretty well controlled in the first case.
      Hope this helps
      Denis
    0
  • Y

    Once you have identified your needs…
    then double it.
    That will be the reality.

    0
Log in to reply