SOx Relevant Issue? 863

  • Perhaps a silly question to some but there are a number of sources from which ‘issues’ can be derived, e.g. Internal Audit, External Audit, Controls Projects etc.
    Some of these will be SOx relevant issues, some won’t. Has anyone developed a criteria for ensuring/determining when an issue is SOx relevant?

  • An issue would be SOX relevant if it relates to ‘internal Control Over Financial Reporting’

  • I was aware of this as a high level interpretation - is there anything a bit more specific or maybe a set of criteria/factors that could be used generally to make the decision of SOx relevance?

  • If the control fails, and imagine you have no other controls for this particular process, would it effect your ‘internal control over financial reporting’? If it does, you have an issue.
    i.e. - if your company is in construction, and a bug is found in your CAD software, it will not effect your ‘internal control over financial reporting’ if you don’t patch it
    however, if it is in your ERP software, things are alot different…
    Do not think there’s an easier way to determine if it’s an issue or not, than what Denis said. (If you find it, let us know.)

Log in to reply