IT SOX Compliance...


Genx87

Lifer
Apr 8, 2002
41,091
513
126
Originally posted by: brandonbull
Originally posted by: Genx87
Originally posted by: brandonbull
hahaha. That is funny. Sounds like someone isn't fully qualified for their position and now is mad because no one is there to cover for them. CYOA.....FTW!

Please, have you tried to do this? Reading through the regulations is very cryptic and not entirely clear on everything. A lot of it is also unsettled law and has to be modified and will be modified soon to make things more clear.

On top of that, we are IT people, not effing lawyers or compliance specialists.
Network down, I am on it, fixed. Read NASD rule 3010 and tell us how we have to comply with it from an IT standpoint. Um ok.....

The point is the OP is throwing one of his part-time coworkers/reports under the "bus" for not knowing SOx but his job is to manage IT and to know SOx.

Guess I would look at his job description. SOX compliance isn't primarily an IT function. In bigger companies you have a compliance officer who creates and discusses compliance strategy with departments. So it isn't uncommon for an IT manager to not know SOX compliance like the back of his hand, or even to know where to begin.

I got stuck doing ours because we are small and don't have an on-staff compliance officer.
It sucked, and if I had the budget would have hired a consultant who does this on a daily basis.




 

wyvrn

Lifer
Feb 15, 2000
10,074
0
0
Originally posted by: brandonbull
Originally posted by: Genx87
Originally posted by: brandonbull
hahaha. That is funny. Sounds like someone isn't fully qualified for their position and now is mad because no one is there to cover for them. CYOA.....FTW!

Please, have you tried to do this? Reading through the regulations is very cryptic and not entirely clear on everything. A lot of it is also unsettled law and has to be modified and will be modified soon to make things more clear.

On top of that, we are IT people, not effing lawyers or compliance specialists.
Network down, I am on it, fixed. Read NASD rule 3010 and tell us how we have to comply with it from an IT standpoint. Um ok.....

The point is the OP is throwing one of his part-time coworkers/reports under the "bus" for not knowing SOx but his job is to manage IT and to know SOx.

Most audit departments are happy to help the IT and business managers with SOX.
 

Anghang

Platinum Member
Apr 30, 2001
2,853
0
71
Originally posted by: NathanBWF
Anyway, the 'SOX Person' that we have here has no idea what she's doing. I myself am also new to SOX and don't really know what exactly we need to do as far as my department is concerned to make sure we 'comply'.

what company is the 'SOX Person' from?

i certainly hope she's not from mine.
 

Insane3D

Elite Member
May 24, 2000
19,446
0
0
We talked about a few of our customers fighting with SOX compliance at work...sounded like a horror show. I'm soooo glad I work for a private company and we aren't required to be compliant...

:)
 

FoBoT

No Lifer
Apr 30, 2001
63,084
15
81
fobot.com
why is she the SOX person if she doesn't know anything? fire her or give her other duties

might as well only be one clueless person (you) doing the SOX thing
 

Dr. Detroit

Diamond Member
Sep 25, 2004
8,517
914
126
Contact your corporate auditors, speak to the IT area of the auditing department and ask them for the write-ups a company of your size in your industry will generally have. That should get you started.



 

Pepsi90919

Lifer
Oct 9, 1999
25,162
1
81
it's pretty simple. just change every password you have every 2 minutes, and it can't be one of your last 50 passwords

oh and it must contain 60 numbers, 80 random ASCII characters and some greek letters as well
 

alkemyst

No Lifer
Feb 13, 2001
83,769
19
81
Personally I think SOX has/will cost more than any 'wrongdoing' someone would do against the shareholders.

It's a huge money pit for almost every company and with the economy turning, it's going to be an even bigger albatross.

I am part of SOX in our IT dept, although a manager now 'manages' the formalities and keeps all the books. We have to change physical keycodes and electronic passwords each 1/4. We have to document a crapload of processes, plus any visitors/auditors/contractors that enter our secure areas/systems.

 

Insane3D

Elite Member
May 24, 2000
19,446
0
0
Originally posted by: Pepsi90919
it's pretty simple. just change every password you have every 2 minutes, and it can't be one of your last 50 passwords

oh and it must contain 60 numbers, 80 random ASCII characters and some greek letters as well

:laugh:
 

Spooner

Lifer
Jan 16, 2000
12,025
1
76
I am in the enterprise risk services group within my firm and perform a TON of external SOX audits. I suggest you start with the COBIT framework (I think it's free) as it will give you the framework against which we would test.

The ten areas we test on an IT audit:
1. Information Systems Strategy and Planning
2. Business Continuity Planning
3. Relationship with Outsourced Vendors
4. Information Security
5. Information Systems Operations
6. Application System Implementation & Maintenance
7. Database Maintenance & Support
8. Network Support
9. System Software Support
10. Hardware Support
 

NathanBWF

Golden Member
May 29, 2003
1,810
0
0
Originally posted by: brandonbull
Originally posted by: Genx87
Originally posted by: brandonbull
hahaha. That is funny. Sounds like someone isn't fully qualified for their position and now is mad because no one is there to cover for them. CYOA.....FTW!

Please, have you tried to do this? Reading through the regulations is very cryptic and not entirely clear on everything. A lot of it is also unsettled law and has to be modified and will be modified soon to make things more clear.

On top of that, we are IT people, not effing lawyers or compliance specialists.
Network down, I am on it, fixed. Read NASD rule 3010 and tell us how we have to comply with it from an IT standpoint. Um ok.....

The point is the OP is throwing one of his part-time coworkers/reports under the "bus" for not knowing SOx but his job is to manage IT and to know SOx.

Um...no. SOX was not in the job description, nor was it in the job posting. My job is not to "know SOX". My job is to manage the Information Technology department and those who are in it. I got stuck with SOX because we HAVE to go through it and become compliant. I'm not trying to "cut down" fellow co-workers, but the fact of the matter is that she is not familiar with SOX when it comes to the IT side of things. I was not happy with the progress that we were making with SOX, so I decided to take it upon myself and look elsewhere for help and information.

Maybe SOX is part of IT college and training courses nowadays, but I can tell you it sure the hell wasn't part of my training when I was in school. As was already mentioned above, I'm an IT person, not a SOX/Audit person. If I wanted to sit at a desk all day buried with paper, drafting up controls and compliance procedures, I would have become a lawyer or an accountant or something.

Anywho...

I was speaking with our Chief Operating Officer the other day, and apparently we don't have to fully comply for a few years. I don't know how or why, but that works for me!!! I guess we just have to have our controls in place by the end of this year, which I should have complete shortly.

Thanks to all for the helpful posts and links! :beer:
 

wyvrn

Lifer
Feb 15, 2000
10,074
0
0
Originally posted by: alkemyst
Personally I think SOX has/will cost more than any 'wrongdoing' someone would do against the shareholders.

It's a huge money pit for almost every company and with the economy turning, it's going to be an even bigger albatross.

I am part of SOX in our IT dept, although a manager now 'manages' the formalities and keeps all the books. We have to change physical keycodes and electronic passwords each 1/4. We have to document a crapload of processes, plus any visitors/auditors/contractors that enter our secure areas/systems.

On the projects I have been involved with, 2 frauds have been found. It's also helpful to remember you are not looking at net dollars saved, but also the perception that American accounting practices do not lead to accurate financial reporting. The backlash on American companies after Enron and MCI was so strong that it affected the perception of ALL companies. Hence why the legislators got involved.
 

wyvrn

Lifer
Feb 15, 2000
10,074
0
0
Originally posted by: NathanBWF
Originally posted by: brandonbull
Originally posted by: Genx87
Originally posted by: brandonbull
hahaha. That is funny. Sounds like someone isn't fully qualified for their position and now is mad because no one is there to cover for them. CYOA.....FTW!

Please, have you tried to do this? Reading through the regulations is very cryptic and not entirely clear on everything. A lot of it is also unsettled law and has to be modified and will be modified soon to make things more clear.

On top of that, we are IT people, not effing lawyers or compliance specialists.
Network down, I am on it, fixed. Read NASD rule 3010 and tell us how we have to comply with it from an IT standpoint. Um ok.....

The point is the OP is throwing one of his part-time coworkers/reports under the "bus" for not knowing SOx but his job is to manage IT and to know SOx.

Um...no. SOX was not in the job description, nor was it in the job posting. My job is not to "know SOX". My job is to manage the Information Technology department and those who are in it. I got stuck with SOX because we HAVE to go through it and become compliant. I'm not trying to "cut down" fellow co-workers, but the fact of the matter is that she is not familiar with SOX when it comes to the IT side of things. I was not happy with the progress that we were making with SOX, so I decided to take it upon myself and look elsewhere for help and information.

Maybe SOX is part of IT college and training courses nowadays, but I can tell you it sure the hell wasn't part of my training when I was in school. As was already mentioned above, I'm an IT person, not a SOX/Audit person. If I wanted to sit at a desk all day buried with paper, drafting up controls and compliance procedures, I would have become a lawyer or an accountant or something.

Anywho...

I was speaking with our Chief Operating Officer the other day, and apparently we don't have to fully comply for a few years. I don't know how or why, but that works for me!!! I guess we just have to have our controls in place by the end of this year, which I should have complete shortly.

Thanks to all for the helpful posts and links! :beer:

You are right, SOX started in 2004 in earnest. I doubt schools have even fully integrated SOX and audit into their IT classes yet. It's still rather new.