Fundamental Segregation of Duties 320
-
This post is deleted!
-
That’s easy. If you read section 404 in SOX (this is the section that supposedly impacts IT the most) it states that you must have documentation of internal controls. Loosely described, an internal control is any repeated process used for business reasons. Hence, the process for something as simple as moving a computer from one desk to another can be described as an internal control. Audit companies are using this ridiculously vague wording to their advantage by applying it to everything. The same goes for segregation of duties. Do you really think the Sarbanes-Oxley Act, created to stop future Enron situations, was intended to stop software developers from troubleshooting production issues? I know. I’m going to hear from some moron who would tell me that this is the way they can ensure that IT is not spending money for nothing and all changes and the like are requested and approved and blah blah blah. I’ve heard all that crap before. So in this way, the company will end up pissing away god knows how much money on idiotic unnecessary processes instead of just fixing the problem.
Now that I am off my soap-box, why auditors are coming up with all this is 2 fold:
- Due to the vagueness of the Act, they and/or the SEC can apply it to anything.
- It’s a great way to rake in a TON of money if you’re an audit company.