Compliance with SOX controls following disaster 1213
Steggaholic last edited by
While the PCAOB has specifically excluded Business Continuity Planning from the scope of SOX internal controls, has anyone discussed whether a company that has suffered a major disaster (eg. Hurricane Katrina) must plan for Sarbanes Oxley compliance during its recovery process? In other words, are the business functions, systems, etc., associated with internal control of financial systems a part of the company’s BCP so that SOX controls may be continued during the recovery? Will SOX reporting and monitoring be required during recovery mode, understanding that most organizations will be operating at less than full capacity?