|
Comments a few places,
It's not clear how well the "report-it-to-the-investors" part of the legislation is working. If anyone knows of an annual report that has included a SOX-type complaint in an audit letter, please tell me more about it.
I just got the IBM annual report and went looking for SOX statement from the auditors. I found an extremely wishy washy statement saying that IBM maintained in all material aspects, effective internal control over financial reporting. In my opinion, the Ernst & Young breach was not effective internal control, but I am not sure if that happened before or after the date of the audit, and it could be that back stabbing 100% of IBM employees does not qualify as a material aspect of SOX.
If annual reports of that genre can't be found, then we're left with two hypotheses:
three hypotheses
1. Thousands of publicly traded companies are doing a great job running their business with sound internal control regimens in all functional areas (including IS). 2. The fear of annoying a client and not being invited to perform next year's audit has proved to be more compelling than the fear of failing to observe the letter of Sarbanes-Oxley.
3. Companies are failing to meet SOX standards, but auditors are also failing to locate the gaps.
[Quite candidly, it's hard to believe hypothesis #1 given the testimonies I've personally heard from managers across a broad cross section of manufacturing industries.] There are several other IT compliance requirements that pre-date SOX and here's a link to information about the better known ones:<http://www.unbeatenpathintl.com/ITstandards/source/1.html>http://www.unbeatenpathintl.com/ITstandards/source/1.htmlYou mention BRMS (Business Rule Management System) software and that genre of tool can help an enterprise develop and maintain operational policies.
Gee, I thought BRMS was just a fancy IBM backup system.
Milt Habeck Founder/President Unbeaten Path International <http://www.upisox.com>www.upisox.com (888) 874-8008 +++++++ +++++++ +++++++ +++++++ +++++++ +++++++ From: "Mark Allen" <<mailto:scprideandms@xxxxxxxxx>scprideandms@xxxxxxxxx> Date: Mon, 27 Mar 2006 14:45:59 Subject: SOX and BRMS saves of Application data and Objects Looking for some ideas from somebody who's been thru this or at least part of it. I know a little about BRMS and not even sure "what" the SOXCompliance people MIGHT be looking for. I know this is vague but its all I got for now. just looking for some general ideas.
- Al Macintyre
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.