D
Going back to the original question I am wont to be a contrarian here.
During this phase, the external auditors will be meeting with management to review the control matrixes. They will also be identifying gaps (gap analysis) and reviewing the remediation plans (not ‘approving’).
I do not see too much wrong with this, the auditors need to do this to discharge their own duties and should share with you any deficiencies (or gaps) that they find.
They will only have stepped over the line if they give you some sort of positive assurance i.e. ‘these are fine except for’ or ‘correct the following and it will be OK’
On the first charge I find your auditor NOT GUILTY
Also, the external auditors are providing us with their flowcharts as a starting point for our management to document their processes. I feel that this is ’ auditing its own work ’ because they will be coming back at the end of the year to review their own documentation, in essence, but ?with edits?.
Does anyone agree with me that this is a violation or do you think it’s ok? I’d appreciate any feedback
Again one could argue that this is still OK. The flowchart is not the totality of your process documentation (or should not be) it is merely a simplified pictorial representation of the key steps.
Also, it should have been shared with you, whether done pre-SOX or not, anyway for validation (i.e. ‘Have we captured this properly?’). What audiotrs should not share with you is their risk assessment and their determination of key controls. They should not provide you with any other working papers either e.g. results of testing key controls.
Again I think this is a probable NOT GUILTY.