Sarbanes Oxley facts

  • Hello all,

    I assume if you are here you are faced with the task of trying to implement Sarbanes Oxley, as am I.  My question is: has anyone found a good, somewhat official interpretation of what exactly the ramifications of SOX are?

    I am of the opinion that there is the law, but that until there are cases and trials there are no strong guidelines to follow other than what each individual Auditor feels would be correct. 

    As I am trying to build a 3rd party application, having several different interpretations of the law would be very difficult to accommodate.  So I ask again.  What have you found online?

    Any help would be appreciated.

     

    Tal McMahon


    Kindest Regards,

    Tal Mcmahon

  • Good morning, Tal -

    I can give you links to several resources that I've found.  I will also tell you that this is still new and changing as we speak.  The latest that I've heard about this is that the auditors (Big 4, mainly) have balked at testing the IT controls because they (auditors) traditionally are not process-driven.  This would tend to make those of us in IT feel that we may not have to go through quite as much of a rigorous routine as we once thought, but I would definitely not count on that.  Lots of buzz out there, but I guess we'll see what happens.  Good luck!

     

    http://www.sec.gov/rules/final/33-8238.htm#ii

    http://www.itgi.org/

    http://www.sarbanes-oxley-forum.com/

    http://www.coso.org/

    http://www.sec.gov/interps/account/sab104rev.pdf

  • Hi Tal,

     

    I agree with WM. I've been looking for a clear-cut explanation of what will happen if compliance isn't correct, or if you don't comply at all.

    Right now, I think everyone is still in the "get the word out" and "as long as you try to show something" stage.

    I know that doesn't quite help, but I think we're all asking the same questions and waiting for them to be answered.

    Tim

  • There isn't a good official interpretation yet. Unfortunately, even the clarifications that have been made are open to interpretation, meaning it's really hard to nail down specifics. We've seen this with HIPAA, too, so it's not altogether surprising.

    I wrote about Sarbanes-Oxley in the most recent version of SQL Server Standard. Most of the links I cited have already been referenced here. I have some more at work, I'll try and remember to post them tomorrow.

    K. Brian Kelley
    @kbriankelley
