Roll Forward control type 2603



  • Ok, can a control that is tested currently, meaning that it is a cyclical control, be rolled forward, or does it have to be a control that is sampled?
    For example, Server room access we tested to make sure physical controls are in place for roll forward. Can we go back and note any changes to see if those controls are still in place?



  • For example Server room access we tested to make sure physical controls are in place for roll forward. Can we go back and note any changes to see if those controls are still in place?
    Hi Hobbs - While I’m not as versed in sampling/testing criteria for SOX Financial System controls, what is specified in the SOX 404 guidelines represents minimum standards for compliance.
    In addition to meeting minimum SOX guidelines, you can certainly perform numerous tests beyond what is required for Financial Systems sampling/testing to ensure all critical security concerns stay addressed.
    For example, the physical security concerns cited would most likely be on the SOX auditor’s checklist anyway (and would be good to review for SOX and non-SOX security related needs).

