Joel,
SOX is all about getting executives to be responsible for the numbers that
they are reporting. If you read the entire SOX act of 2002, you will not
find the word "computer" anywhere in the document. However, reading
between the line, there are three sections of the SOX Act that apply,
specifically sections 302, 404 and 409. Find a copy of the act and focus
on these three.
Here's a link to the details: [1]
http://www.sec.gov/about/laws/soa2002.pdf
Rich Loeber - @richloeber
Kisco Information Systems
[2]
http://www.kisco.com
--------------------------------------------------------------------------
On 2/25/2013 10:43 AM, Stone, Joel wrote:
Does anyone have a summary of how SOX compliance should or could affect a typical Iseries shop?
From an IT auditing standpoint?
For example, outside auditors recommend all sorts of steps and often reference SOX compliance. How detailed does SOX get regarding this such as:
- IT issues in general
- Separation of PROD and TEST environments (or even hardware)
- User ids; using IBM user-ids, control of job schedulers, etc
I thought SOX was more of a financial and top management responsibility and accountability act. How far down the IT control structure of a typical company does SOX reach?
Thanks!
______________________________________________________________________
This outbound email has been scanned for all viruses by the MessageLabs Skyscan service.
For more information please visit [3]
http://www.symanteccloud.com
______________________________________________________________________
References
Visible links
1.
http://www.sec.gov/about/laws/soa2002.pdf
2.
http://www.kisco.com/
3.
http://www.symanteccloud.com/
midrange.com
