More specific question on SOX 1648
-
Prevention of fraud is not a SOX requirement, rather the requirement is to have processes that will correctly record correctly any losses that might occur.
Read the PCAOB guidance on Safeguarding of Assets.
-
In context with the original post, the more expedited approval process would only be used in true emergencies (which hopefully there would be few of these). The standard 'process with more rigorous approvals and controls would be used for all normal business purchases
%0AThe first thing I were told when I started looking at our project was that ‘SOx requires you to document day to day controls’%0AIf these emergencies happens on a daily basis, then there’s really something wrong with the operational controls. When documenting my companies controls I’ve always said to the people ‘I’m only looking for what happens in 95% of the instances’