What happens after the deadlines? 310



  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • The Act requires an annual certification by management that internal controls over financial statements are effective. This means on going monitoring and testing of all controls. Our company (as will most) will be doing quarterly reviews and updates to the documentation so that as of the year end date we are comfortable that our controls are adequate to cover all of the risks we have identified.
    The Sarbanes Oxley work does not end on December 31st - it has only just begun.



  • Actually management have to add a statement about their internal controls with the quarterly SEC filing - so testing has to be done quarterly too to provide something to support mangement’s statement.
    Some of the higher risk controls will be tested even more frequently. IA’s work is never done…



  • A question about ongoing compliance… my Firm is implementing new software in the 1st quarter, and they’re asking whether the new software (and processes that surround it) must be fully compliant prior to implementation.
    Is that everyone else’s understanding? Or, is it feasible to implement the application, then identify and remediate any control deficiencies?



  • A question about ongoing compliance… my Firm is implementing new software in the 1st quarter, and they’re asking whether the new software (and processes that surround it) must be fully compliant prior to implementation.
    Is that everyone else’s understanding? Or, is it feasible to implement the application, then identify and remediate any control deficiencies?
    Assuming that you were required to be compliant at YE 2004, you should make every attempt to remain compliant throught 2005 and beyond. Ideally, you would ensure that controls were in place prior to going live with new software. What type of software is being installed? If it is for your GL, you really do need to have compliant when it goes live as , to meet SOX reporting requirements, you will likely need to disclose that you have installed new software in your quarterly finings. You should have someone documenting controls as a part of the configuration / tersting process so that you won’t have to test as much after you go live.



  • This will be a continous effort. You better spend some thoughts about how to get SOX from a Project into the Day-to-Day Buisness.



  • I am trying to find that ‘hard evidence’ and article ANYTHING on what has to happen at the quarters. Do we have to test every quarter, all critical (key) controls? Anyone see anything out there that could help?? Also, I just started this company as the internal audit manager… they have intstructed everyone to only keep their audit evidence ofr 90 days… which my gut tells me just isn’t right… since we may have issues when the auditors want to come and test… anyone know where I can find anything on document retention( besides the PCAOB one for the auditors)… to me, it is common sense… but I unfortunately need more than that
    Thanks…


Log in to reply