Basic Knowledge 288
-
An observation I’ve made is that many of the questions on this site seem to stem from a basic lack of knowledge of what SOx is (and isn’t). I thought it might be useful to provide a few links to excellent sources of information:
PwC: Several white papers and links to other information from here:
pwc.com/extweb/newcoatwork.nsf/docid/D0D7F79003C6D64485256CF30074D66C
Protiviti: There are 4 PDFs to download from here including an excellent guide to S404 and also one for S302
protiviti.com/portal/site/pro-us/?epi_menuItemID=01755c4818dc3153390235a4f5ffbfa0_and_epi_menuID=2edbcb16ec30def250d64810a7cebfa0_and_epi_baseMenuID=e895a64d2cd7bc72af03a975a7cebfa0
COSO: Not as useful a site as one would hope, but nevertheless it is the model we’re all using.
coso.org
ISACA: Unfortunately you don’t get access to the entire CobIT framework without buying it, but there are a number of useful links here. Pay particular attention to the IT Control Objectives for Sarbanes-Oxley which is a very useful paper that maps the CobIT objectives to COSO.
isaca.org/AMTemplate.cfm?Section=Sarbanes-Oxley2_and_Template=/ContentManagement/ContentDisplay.cfm_and_ContentID=11247