SOX Compliance 1590

  • I work for a IT Company - sister company for a Freight Logistics. The parent company is trying to go for SOX Compliance next year. I have been asked by my Manager to give him a plan how the sister company can go for sox compliance. I have no idea what that is. I am a Quality Assurance Consultant not an internal auditor.
    Can someone please help me to know what are the prelim things that i have to do and any sample phase plans for going sox compliance.
    Any help in this regard would be of great help
    Thanks in Advance.

  • Below is an updated list of recommendations, from one I had previously shared … To me, the cornerstones for success include: Planning, Training, and Commitment … Good luck to you 🙂

    1. Set up a Project Plan for meeting SOX compliancy requirements (Research and explore what is needed prior to doing anything). Good planning will pay dividends for establishing this process.
    2. Get training right away. The core team and especially the leader of the process should invest a week or so in training. Consider attending a formal seminar away from work where you can focus and interact with other participants. This will create a good foundation for what’s required.
    3. Perform an inventory of all your IT applications. Identify all of your financial systems and look for any indirect relationships.
    4. In conjunction with the inventory, examine the workflow and human factors surrounding financial processing.
    5. After the inventory, perform a Risk Management study on all your financial applications (looking at possibilities that someone could either accidently or alter financial records)
    6. Look at ways of strengthening the Financial process and implement new controls (e.g., versioning, change management, and security)
    7. Evaluate random sampling controls and requirements for your financial applications to setup a testing/sampling program on controls each quarter or month, depending on the needs.
    8. Evaluate the SOX 404 standards for best practices associated with IT control improvements . Set up a plan to implement and improve standards. Evaluate the COBIT 4.0 standards for IT controls over financial applications (note that COBIT 3.0 is the minimal acceptance level)
    9. Work closely with both internal and external auditors and gain their approvals for the work that will be done.
    10. Setup an e-Library (electronic documentation library) to include all your SOX documents, test plans, communications, etc.
    11. Make sure you obtain senior management support for the process. It is an important aspect for implementing change. They must also support the additional work, human resources, and costs that will be needed to gain compliancy.
    12. After the initial process is implemented, continue to improve the SOX controls and keep up-to-date with changes in business and legal requirements.

  • Thanks a lot for the reply.
    I did some research on sox compliance. If you can give me more info regarding COSO Framework - Does IT has to comply with COSO Framework and COBIT 4.0 ? Please help me.
    My boss is asking me to give a prelim presentation of what are the pre- requisites for going to sox compliance.
    It would of great help if you can provide me with any kind of check list…
    Thanks in Advance

  • These prior links might help provide more background information:
    Background and Links for SOX, COSO,and COBIT
    COBIT Maturity Level for SOX Compliance
    Note Denis and Milan’s excellent advice in this thread related to COBIT 🙂 … While it’s not necessarily mandatory, it’s highly advisable to be COBIT-compliant, as many of the audit firms feel it is the most applicable IT framework for SOX compliancy
    ISO27001/BS7799 Certification vs. Sarbox Compliance

  • Select Freight Logistics/Forwarder Financial Reporting Risks:

    • Contingent liabilities including environmental, legal, damage and injury liabilities are not properly valued/supported.
    • Damage reserves, debt compliance, and liquidity.
    • Valuation of fixed assets, fleet, materials and supplies, and intangibles.
    • Deferred tax assets/liabilities are not properly valued.
    • Assets, including goodwill and other intangibles, are not properly valued.
    • Customer refund obligations and revenues or customer contract obligations / impairments are not properly valued and disclosed.
    • Presentation and valuation of trade receivables.
    • Debt compliance and liquidity.

Log in to reply