Sarbanes Oxley 409

Spooner

Lifer
Jan 16, 2000
i'm in the consulting world primarily focusing on ensuring controls within SOX 404 are in compliance and accurately portray financial information

recently heard about Section 409 and was wondering if this was going to be the next hot topic in the world of controls compliance

Anyone heard of it?

What is Sarbanes Oxley 409?

"Rapid-reporting mandate adds to compliance woes", author Tom Hoffman states "Most companies that have taken steps to comply with the Sarbanes-Oxley Act have focused their energies on Section 404, a provision that requires businesses to document their financial-reporting controls and procedures. But most IT managers have yet to tackle a potentially more onerous requirement: Section 409, ...".



Meet and exceed these 10 areas in CoBiT with the ClearPath SNAP VPN

1. Delivery & Support Section 1-2 SLA Performance Indicators

2. Delivery & Support Section 2-1 SLA Reporting & Monitoring

3. Delivery & Support Section 2-6 Regular Security & Performance Reviews of 3rd parties

4. Delivery & Support Section 5 Ensure System Security

5. Delivery & Support Section 5-10 Network Security Controls

6. Delivery & Support Section 5-11 Security Monitoring

7. Delivery & Support Section 9-5 Security Testing

8. Delivery & Support Section 10-1 Problem Management

9. Delivery & Support Section 13-2 System Event Maintenance

10. Delivery & Support Section 13-3 System Event Data Assurance
 

JImmyK

Golden Member
Oct 9, 1999
Couple cool things about what I THINK is going to happen with Sarbanes; since the 404 section is cooling down and people are coming into compliance those exact same teams will be out of jobs and I'm talking about thousands and thousands of people. Half of them will be gainfully employed because they will have to support all the new implementation because of 404 but the other half that was needed for setup and expertise will be gone.

Now the half that will be disseminated back into the unemployed pool I think will start focusing on other parts of sox maybe or maybe not 409.

409 may never come into complete fruition and is very open to interpretation, especially their adjectives that they have used. For example "Materiality", you of course can't use static numbers because each company's bottom line is totally different and you can't do it on ALL acquisitions because you have some companies that will buy a distribution center that is only a couple hundred thousand or a million or two which is a friggin rounder on most companies' financial statements.

The only part that MAY work for materiality would be a percentage of a company's net income but that is also very vague and can go either way..

I unfortunately have much more to say but I'm sure most have not read this far and for those who have you are probably thinking I'm a total geek and should be flogged.. so I'll stop..

Pretty odd isn't it that nobody on the PCAOB (the board) has a CPA?

food for thought...


 

AdamSnow

Diamond Member
Nov 21, 2002
All I know is that I am sick and tired of dealing with SOX compliance crap here at work...
 

spidey07

No Lifer
Aug 4, 2000
Well my theory is the entire bill was made up out of nowhere by Mr. Sarbanes and Mr. Oxley because they held substantial investments in the big 3 auditing companies.

So just write them a locked in mandated job and you're all set. Just look at what was happening to the auditing industry around that time.

They didn't write this stuff to protect investors, they wrote it to save a failing and corrupt industry. So instead of failing, that industry is just corrupt.
 

Demon-Xanth

Lifer
Feb 15, 2000
We just got a bunch of stupid password requirements added on here at work. I'm going to start using 1337 speek for passwords. I'll know if someone is looking at my password nice and quick :)
 

Spooner

Lifer
Jan 16, 2000
Originally posted by: JImmyK
Couple cool things about what I THINK is going to happen with Sarbanes; since the 404 section is cooling down and people are coming into compliance those exact same teams will be out of jobs and I'm talking about thousands and thousands of people. Half of them will be gainfully employed because they will have to support all the new implementation because of 404 but the other half that was needed for setup and expertise will be gone.
Naah, I don't buy this. More and more firms are seeing the value of having their own fully functioning internal audit department to meet both compliance laws and operation business rule compliance. This is a full time job for a number of people, especially if the company has many site locations.

also, keep in mind that SOX is in place and must be of sustained compliance year after year. since the PCAOB continually changes the rules/procedures/terms of maintaining compliance combined with changes in company procedure/control framework and inherently adding more specific risks due to turnover/acquisitions/growth, etc.. there is still a very high value placed on people with this expertise

i may be slightly biased as i do this work for one of the Big 3 firms, but i'm also privy to a lot of information as to how we're able to go to market and keep those billable hours stressing sustained compliance

firms will not be able to run itself for a number of years to come. SOX is still in its infancy

 

ingko

Member
Sep 9, 2004
It's all to prevent us from losing our hard earned investment money when a big, out of control company goes down for accounting fraud like Enron and Andersen.

at least that's how i interpret it. plus my company is having an ipo, so that sox is important to please the wall street number nerds.
 

Anghang

Platinum Member
Apr 30, 2001
the company i work for is huge on SOX 404, it's the majority of our business, i wonder if we'll go the 409 route as well...i don't see why we wouldn't...
 

Spooner

Lifer
Jan 16, 2000
Originally posted by: ingko
It's all to prevent us from losing our hard earned investment money when a big, out of control company goes down for accounting fraud like Enron and Andersen.

well, that's what Sarbanes-Oxley Act of 2002 is intended to do overall, and mainly companies have been focusing on the Section 404 compliance law. all of that is well documented

I was asking more specifically to more CIO's looking into becoming SOX 409 compliant which is an entirely new set of rules/guidelines/controls/risks to abide by
 

Spooner

Lifer
Jan 16, 2000
Originally posted by: Anghang
the company i work for is huge on SOX 404, it's the majority of our business, i wonder if we'll go the 409 route as well...i don't see why we wouldn't...
it's companies like yours that buy into the whole process and really take the time to see the value in 404 compliance that reap the long-term benefits from it.

what may seem like a useless control up front can have valuable impact down the road when you dodge a gap in controls that would have been noted as a Significant Deficiency that has to be filed to the SEC that automatically takes a nice stock hit when the company is forced to refile or restate some of their financial statements.

it's a law, but it has a lot of value when given the correct amount of buy-in from top execs
 

spidey07

No Lifer
Aug 4, 2000
Originally posted by: Spooner
Originally posted by: Anghang
the company i work for is huge on SOX 404, it's the majority of our business, i wonder if we'll go the 409 route as well...i don't see why we wouldn't...
it's companies like yours that buy into the whole process and really take the time to see the value in 404 compliance that reap the long-term benefits from it.

what may seem like a useless control up front can have valuable impact down the road when you dodge a gap in controls that would have been noted as a Significant Deficiency that has to be filed to the SEC that automatically takes a nice stock hit when the company is forced to refile or restate some of their financial statements.

it's a law, but it has a lot of value when given the correct amount of buy-in from top execs

Spooner, I'm afraid you've drank the kool-aid.
;)
 

KLin

Lifer
Feb 29, 2000
Originally posted by: spidey07
Well my theory is the entire bill was made up out of nowhere by Mr. Sarbanes and Mr. Oxley because they held substantial investments in the big 3 auditing companies.

So just write them a locked in mandated job and you're all set. Just look at what was happening to the auditing industry around that time.

They didn't write this stuff to protect investors, they wrote it to save a failing and corrupt industry. So instead of failing, that industry is just corrupt.

I agree 110%. :thumbsup:
 

Anghang

Platinum Member
Apr 30, 2001
Originally posted by: Spooner
Originally posted by: Anghang
the company i work for is huge on SOX 404, it's the majority of our business, i wonder if we'll go the 409 route as well...i don't see why we wouldn't...
it's companies like yours that buy into the whole process and really take the time to see the value in 404 compliance that reap the long-term benefits from it.

what may seem like a useless control up front can have valuable impact down the road when you dodge a gap in controls that would have been noted as a Significant Deficiency that has to be filed to the SEC that automatically takes a nice stock hit when the company is forced to refile or restate some of their financial statements.

it's a law, but it has a lot of value when given the correct amount of buy-in from top execs

actually, my company doesn't buy the process, but provides audit services to prepare companies for the external audit...i do feel that they could've been more detailed in their writing of the compliance requirements...the way it is now leaves it too open to interpretation by the different companies that provide attestation services...