Who interpreted this act for IT so poorly?



  • This post is deleted!



  • Arkham,
    that is a common theme for small- to medium-size companies, where the ends justify the means.
    SOX is nothing new in the IT audit arena; I have been doing it for 10 years. One annoying thing about SOX is the amount of documentation required; however, other than that, everything in your comments should have been in place in the first place, and then you would not have to worry about SOX.
    On a serious note, if you view SOX as a burden to your operations then you will not get much out of it. However, if you view it as a way to improve your business processes and justify more IT budget, then you will see the light.
    SOX = more $$$ and more IT spending, which is great for us.



  • yoda404 is missing the point… her statements are true in a scolding-mother sense, but arkham is talking about the same things all SUPPORT staff are going through… we are having our rights to access data cut… and we are desktop/application SUPPORT. How can you ask your doctor to perform surgery without looking at the body?
    I’m reminded of the fanatics in old England that went on a ‘thou shalt not worship idols’ binge… so these idiots went into Canterbury Cathedral and ripped out the figurines of the 12 apostles, which were decorative above the church nave (chamber) and had NOTHING to do with worshiping Jehovah. So, in turn, are the SOX-driven fanatics and auditors losing common sense and limiting access to what has to be used.
    It’s clear from your statement, yoda, that you don’t do trench-level support, but you should be commended for being organized and having your dokey together…
    DOES ANYONE KNOW ABOUT HELPDESK AND SOX IN TERMS OF DENYING OR GRANTING ACCESS RIGHTS TO NETWORK DATA DRIVES?



  • It obviously doesn’t help the Helpdesk not to have access to the systems they need to support. On the other hand, SOX does require full control over the financial data ending up in the paperwork disclosed.
    That does not necessarily mean that the access has to be cut totally. It only means that you need to know and have control over who is accessing the data and what they’re doing with it.
    In terms of the Helpdesk, you need an effective and documented four-eyes principle and effective and documented user management. You also need a guideline / policy in place defining very closely what the Helpdesk is allowed to perform and who is responsible for that.
    And of course all the documentation, support tickets etc. need to be archived for at least 7 years.
    You certainly can get around that by restricting the helpdesk so that they can’t access anything at all… 😉



  • My experience is that since SOX 404 and the PCAOB guidance are so generic, it is the audit firms that are defining the specifics of the requirements. Since the auditor must assess and comment on the controls, companies are being forced to implement what their auditor wants.
    This is leading to additional confusion as each audit firm has its own opinions as to what is acceptable. Unfortunately, the key issue for SOX 404 compliance appears to be how happy your auditor is and not actually compliance with the act.



  • :? My company is implementing SOX changes unilaterally across all divisions. Our IT department currently has responsibility for the management of desktops (we have admin rights, as do most of the users) and file/print servers for all users across all locations. We run a multi-O/S environment with a Novell-based file sharing structure, but are slowly changing to an Active Directory-based structure (user by user, as funding is allowed).
    It appears that (once again) insanity has run rampant at levels that do not understand the actual day-to-day business of desktop support and have jumped off the great abyss without a full understanding of where they will land. Our admin rights to the desktop are in the process of being stripped (although our server rights/file access are intact?).
    I guess, after the rant, the question is this… how far do SOX regulations extend?
    It appears that the scope was financial controls, but then the dominoes start to fall… Finance-reporting-User-IT-local document control-shared document control- applications-
    Also, 7 years’ worth of backup media? $cha-ching$

