Question about records. 1506

  • Hello - I am a manager of a local business here in Baton Rouge, LA. I recently purchased some disposable pens with the companies name and address on them. My intention was to give the pens away to potential customers as they signed a contract for our services. Thye pens are USD.50 a piece. My direct boss informed me that I was required by the Sarbanes-Oxlet Act to document on a spreadsheet where each and every one of those pens go (i.e. which customer, name of person receiving pen, etc…). Personally I think he has gone a little overboard with this, but I need to make sure. Any help would be appreciated.

  • You must be joking

  • Hi Tim and welcome to the forums 🙂
    I also agree with FS that this seems way outside the guidelines of SOX compliancy. SOX is about managing MAJOR financial risks and assurances that no one is cooking the books. These USD.50 gifts to promote your local branch should not even come into play in your company’s efforts in achieving SOX compliancy.
    Nevertheless, I’d setup a spreadhsheet and do as the boss says until told otherwise. Maybe your company has some standard in place related to ‘gifts’ regardless of their size? Your manager is simply following the rules as he sees them.
    Hopefully, some of the experts here will chime in and share information to change this situation.

  • for you…
    for ‘the man’…

  • Hello Flanker12, and welcome to the SOx forum:
    I agree with all statements that FS, Harry, and Milan contributed.
    However, I would be happy to send a staff auditor to Baton Rouge to assist your manager develop an appropriate spreadsheet. (We have a ‘Special Rate’ for these types of situations.)
    We will be assisting your manager, because I hope that you take Milan’s suggestion seriously and discover a new opportunity with another company.
    Best reagrds.

  • Thanks John and Milan - as you guys gave me a good early morning laugh 😄 … If I were down there in that area, I’d stop in for free to help as they have the best cuisine in the world in that area 😉
    When we see things like this done in the name of SOX compliancy, it points to the need for folks to get better educated . This misapplication can make folks resistant and impact getting the true control practices done in the most efficient and effective manner 😞
    ANOTHER EXAMPLE: Actually, what Tim shares with us is mild, compared to what I personally went through in another organization. I’ve shared in a couple of other threads where I had to physically print everything that were in electronic versions because the compliany officer thought that folks might potentially alter information (even though we had security and timestamp controls over the project reports library). I would have gladly filled out Tim’s spreadsheets rather than printing off the mainframe, walking to retrieve the reports, bundling them, and mailing them each day. I lost probably an hour a day doing this. Since then I believe they changed.
    Besides education, SOX implementation requires planning. Project Management is another skill set I continue to build on and it’s applicable for SOX. For example rather than going in unorganized and untrained – folks need to set up a project plan, get educated, and go after the big ticket items on a priority basis.
    Trying to control a USD.50 financial exposure definitely is not ‘seeing the forest for the trees’.

  • …a totally useless post and only one of its kind…figured with Harrys name on virtually every post, readers seeing the home page might feel that the Forum is completely dominated by feedback from one professional…hardly the case…segregation of duties all the way.

  • Thanks everyone. I appreciate all of your inputs, however I am going to do what my boss has ordered me to do. In the meantime I will attempt to patiently educate him about the intent of the ‘SOX’ act (i.e. leave him a copy of it on his desk, e-mail the link to him, etc…). Unfortunately he is a very close-minded individual that has proven without a doubt that the ‘Peter Principle’ works.

  • bosses like urs are the ones who hype up this act. Do not tell ur auditors about this, they would surely like to consider this as a financially significant process and increase their billing on you 😄
    SOX is no longer an ACT, its a weapon which is used to threaten employees, much dangerous than a nuke

  • Ask your boss to keep a record of all his yellow stickies and where and for what they’ve been used.
    It might turn out your office supply management process will have to be audited.

Log in to reply