Testing within a SOX framework

  • Hello everyone,
    Forgive me if I have posted this in the wrong place, but I’m very new 😄
    I have a quick :.: question re SOX that I hope you can help me with. A client has produced a MTP which doesn’t even really meet BS829. I’d like to change it to make it more relevant but am told the structure of the document is sacrosanct as it meets sox requirements and i cannot add any more to it…
    I’ve done some digging and most of the stuff I have found is about the initial sox testing to demonstrate compliance with the introduction of the act, rather than actual ongoing testing in a sox environment.
    Can anyone point me at a website or give me any information about this? The document really isn’t fit for purpose as is but i don’t have enough information to be able to stare down IT and get it changed.
    thank you to every one who can help.

  • Welcome Elisabeth,
    I am relatively new to SOx, but I think you would be able to locate a lot of this information if you use IEEE instead of BS (British Standard).
    Try looking for 829 ieee test documentation on google.
    Edit: Direct links removed.
    They might provide the information that you require, or perhaps someone with more SOx experience could provide better information.

  • Thanks Dennis…
    I did actually mean IEEE rather than BS… sigh brain wasn’t working… 😞
    however i keep drawing a blank about testing confirming sox requirements are still met after modificiations/migrations… Hopefully someone will understand what I’m talking about (that’s the problem with not understanding sox, i don’t know how to phrase my question in a way to get the answer)

  • Elisabeth,
    I have googled and read several IEEE 829 MTP links and they all indicate that the test plan is just that a plan. Not static, but rather dynamic in nature.
    The only reasons that I can think of someone preferring a plan to be static would be either because it would be difficult to change or to have it approved again. Sometimes when approval of management is acquired people don’t want to approach them again to have their actions reviewed. Similarly, sometimes tests are designed with expediency in mind and alternatives may take longer or be more costly.
    Try to evaluate the reasons for the change. Armor yourself with information, then see if you can produce arguments once you know the why. 😉

