MIDRANGE dot COM Mailing List Archive




Re: SOX compliance




You're absolutely right. The purpose of SOX is to place personal financial responsibility on IT personnel for their role in inaccurate financial reporting to stockholders, much like the CFO and other executives.

Disallowing downloading of this information is a recommended function of reducing this liability.

Sent from my iPhone

On Feb 25, 2013, at 12:01 PM, Charles Wilt <charles.wilt@xxxxxxxxx> wrote:

You can download financial data all you want and do whatever you want to it
in Excel...

SOX doesn't care.

What you can't do is take that "ad-hoc" report and represent it as
an official financial report.

Heck, one could conceivably have an official financial report done in Excel
complete with (documented) manual manipulations by the CFO etc. SOX
doesn't care. What SOX cares about is that the CFO etc. is willing to "take
*individual responsibility* for the accuracy and completeness of corporate
financial reports."

Charles


On Mon, Feb 25, 2013 at 12:44 PM, RBD <brentdunn007@xxxxxxxxxxx> wrote:

You cannot download the company financial information in a manner that it
can be manipulated outside of a software package like JDE Edwards. This
means Excel spreadsheets and the like.

This does not include non-corporate-financial information. You can
download customer information to customer service, loan data to secondary
marketing (banking) and the like. I'm not sure if collections information
is restricted, but I've never heard that it is.

The downside is that we as IT professionals can now be held financially
responsible for the company's financials just like the executives and
directors of the company.

I worked extensively with Harley Davidson on the SOX compliance.

The truth is, though, I have yet to hear of a single company getting in
trouble due to not being compliant.

I hope I've clarified my comments.

Sent from my iPhone

On Feb 25, 2013, at 11:33 AM, rob@xxxxxxxxx wrote:

Really? "All"?
<snip>
This means eliminating all download of financial data from the iseries.
</snip>

I doubt it. I suppose sending ASN's to your customers could be considered
a download. Any ETL package would be considered a download. Heck, a
printout could be considered a download.
I really think it's more intended that the data be controlled.

I can download my transactions from my bank to my PC. I take it that
makes my bank out of compliance with SOX?




Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: RBD <brentdunn007@xxxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>,
Date: 02/25/2013 11:37 AM
Subject: Re: SOX compliance
Sent by: midrange-l-bounces@xxxxxxxxxxxx



SOX also includes limiting access to financial data. This means
eliminating all download of financial data from the iseries.

It can mean legal responsibility for company finances.

SOX does not apply to wholly owned companies. Only corporations.

On Feb 25, 2013, at 10:03 AM, Rich Loeber <rich@xxxxxxxxx> wrote:

Joel,

SOX is all about getting executives to be responsible for the numbers that
they are reporting. If you read the entire SOX act of 2002, you will not
find the word "computer" anywhere in the document. However, reading
between the lines, there are three sections of the SOX Act that apply,
specifically sections 302, 404 and 409. Find a copy of the act and focus
on these three.

Here's a link to the details: http://www.sec.gov/about/laws/soa2002.pdf

Rich Loeber - @richloeber
Kisco Information Systems
http://www.kisco.com



--------------------------------------------------------------------------

On 2/25/2013 10:43 AM, Stone, Joel wrote:

Does anyone have a summary of how SOX compliance should or could affect
a typical Iseries shop?

From an IT auditing standpoint?

For example, outside auditors recommend all sorts of steps and often
reference SOX compliance. How detailed does SOX get regarding this, such as:


- IT issues in general

- Separation of PROD and TEST environments (or even hardware)

- User ids; using IBM user-ids, control of job schedulers, etc

I thought SOX was more of a financial and top management responsibility
and accountability act. How far down the IT control structure of a
typical company does SOX reach?

Thanks!



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact