We have both IT (systems) audits as well as SOX 404 audits. The 404 audit seeks to document procedural controls that (for example) prevent the same person from creating a PO, receiving against it, invoicing, and cutting a check. The IT part controls system-side who can access which functions; the 404 audit looks at mitigating controls, policies and procedures. 404 is typically handled by finance, accounting, receiving, purchasing, etc.

Loyd Goodbar
Senior programmer/analyst
BorgWarner
E/TS Water Valley
662-473-5713

-----Original Message-----
From: Doug Hart [mailto:DougHart@xxxxxxxxxxxx]
Sent: Tuesday, April 04, 2006 15:49
To: 'Midrange Systems Technical Discussion'
Subject: RE: Sarbanes-Oxley / my opinion

Yes, SOX was a knee jerk reaction by politicians to say they are doing something to protect stock holders.

I can't speak on accounting audits but the IT audits seem focused on system access. I'm not aware that any of the companies listed below had problems with unauthorized system access. Put simply, if your company financial VP calls you (iSeries secofr) and says he needs access to the accounting DB you'll give it to him. If he's a crook your company gets on the short list.

My concern is much more on the integrity of the PFs not system access. We have always done a decent job with who gets to what. But who looks to double check that your LF is built over the correct PF or in the right lib? Do you check the libl of your Jobds and interactive jobs? Are your end users trained on the correct normalization of your DB to properly use their ad-hoc query tools? Do your (poorly paid and trained) operators understand how and where to restore objects?

SOX does not help our company build or sell product but has cost us big bucks. Tell that to the stock holders.

--
Doug Hart