We have both IT (systems) audits as well as SOX 404 audits. The 404 audit
seeks to document procedural controls that (for example) prevent the same
person from creating a PO, receiving against it, invoicing, and cutting a
check.

The IT part controls system-side who can access which functions; the 404
audit looks at mitigating controls, policies and procedures. 404 is
typically handled by finance, accounting, receiving, purchasing, etc.

Loyd Goodbar
Senior programmer/analyst
BorgWarner
E/TS Water Valley
662-473-5713

-----Original Message-----
From: Doug Hart [mailto:DougHart@xxxxxxxxxxxx] 
Sent: Tuesday, April 04, 2006 15:49
To: 'Midrange Systems Technical Discussion'
Subject: RE: Sarbanes-Oxley / my opinion


Yes, SOX was a knee-jerk reaction by politicians to say they are doing
something to protect stockholders.

I can't speak on accounting audits but the IT audits seem focused on system
access.  I'm not aware that any of the companies listed below had problems
with unauthorized system access.  

Put simply, if your company financial VP calls you (iSeries secofr) and says
he needs access to the accounting DB you'll give it to him.  If he's a crook
your company gets on the short list.

My concern is much more on the integrity of the PFs, not system access.  We
have always done a decent job with who gets to what.  But who looks to
double check that your LF is built over the correct PF or in the right lib?
Do you check the libl of your Jobds and interactive jobs?  Are your end
users trained on the correct normalization of your DB to properly use their
ad-hoc query tools?  Do your (poorly paid and trained) operators understand
how and where to restore objects?

SOX does not help our company build or sell product but has cost us big
bucks.  Tell that to the stockholders.

--
Doug Hart

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
