|
SOX 404 requires auditors to assess the effectiveness of internal controls over financial reporting. It is the PCAOB Auditing Standard No 2 published in March that gives the auditors guidelines for their evaluations. This is where the problems begin. Since this was only published recently auditing bodies are not up to speed on what they should be doing with SOX. I think you got off easy. How can you evaluate the controls on financials if the data does not have an audit trail? Since no one else seems to have input on the subject <it is not going to go away> lets just agree to disagree. Have a nice day. Greg -----Original Message----- From: kdfox@xxxxxxxxxxxxx [mailto:kdfox@xxxxxxxxxxxxx] Sent: Monday, October 25, 2004 2:48 PM To: 'MAPICS ERP System Discussion' Subject: RE: PROGRAMMER ACCESS TO PRODUCTION ENVIRONMENT Greg, Nothing in the SOX 404 requirements, require that IT provide a computer generated "audit trail". A manual procedure along with concomitant internal audit controls, are all that is required. Remember, SOX was written with the knowledge that some companies do not have computer systems. If your "real" auditor is telling you different, they are ripping you off. Kevin Fox kdfox@xxxxxxxxxxxxx P.S. I've been involved with 3 different MAPICS/SOX audits and have passed all three. And no, I will not be doing anymore. -----Original Message----- From: Greg Wenzloff [mailto:GWenzloff@xxxxxxxxxxx] Sent: Monday, October 25, 2004 7:14 AM To: 'MAPICS ERP System Discussion' Subject: RE: PROGRAMMER ACCESS TO PRODUCTION ENVIRONMENT It's good that you have a process to approve the changes. But how do you meet the Sarbanes - Oxley requirement to keep a record of the changes that occur to the security file(s)? Your approval papers do nothing for that. Do you have a trigger program recording changes or journaling? These paper trails might work for a newbie auditor but a real auditor will fail you. You have not complied with the law. Greg -----Original Message----- From: Don [mailto:dr2@xxxxxxxxxxxx] Sent: Monday, October 25, 2004 10:01 AM To: MAPICS ERP System Discussion Subject: Re: PROGRAMMER ACCESS TO PRODUCTION ENVIRONMENT Tim, I'm glad you're comfy with this arrangement. I used to really hate it when IT was nothing more than a big adding machine to balance accounting's G/L... I use a form that mimics the security assignment screens by application and the application owner has to signoff on that... Don in DC ----------- On Mon, 25 Oct 2004 Tim.Bertnick@xxxxxxxxxxxxxxxx wrote: > Good morning - re: setting up MAPICS security, our head of accounting must > sign off on all MAPICS security changes - our auditors seem OK with this. > _______________________________________________ > This is the MAPICS ERP System Discussion (MAPICS-L) mailing list > To post a message email: MAPICS-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/mapics-l > or email: MAPICS-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/mapics-l. > _______________________________________________ This is the MAPICS ERP System Discussion (MAPICS-L) mailing list To post a message email: MAPICS-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/mapics-l or email: MAPICS-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/mapics-l. _______________________________________________ This is the MAPICS ERP System Discussion (MAPICS-L) mailing list To post a message email: MAPICS-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/mapics-l or email: MAPICS-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/mapics-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.