× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



SOX 404 requires auditors to assess the effectiveness of internal controls
over financial reporting.   It is the PCAOB Auditing Standard No 2 published
in March that gives the auditors guidelines for their evaluations.   This is
where the problems begin.

Since this was only published recently auditing bodies are not up to speed
on what they should be doing with SOX.  I think you got off easy.

How can you evaluate the controls on financials if the data does not have an
audit trail?   

Since no one else seems to have input on the subject <it is not going to go
away> lets just agree to disagree.

Have a nice day.

Greg






-----Original Message-----
From: kdfox@xxxxxxxxxxxxx [mailto:kdfox@xxxxxxxxxxxxx] 
Sent: Monday, October 25, 2004 2:48 PM
To: 'MAPICS ERP System Discussion'
Subject: RE: PROGRAMMER ACCESS TO PRODUCTION ENVIRONMENT

Greg,

Nothing in the SOX 404 requirements, require that IT provide a computer
generated "audit trail".

A manual procedure along with concomitant internal audit controls, are all
that is required.  Remember, SOX was written with the knowledge that some
companies do not have computer systems.

If your "real" auditor is telling you different, they are ripping you off.

Kevin Fox
kdfox@xxxxxxxxxxxxx

P.S.  I've been involved with 3 different MAPICS/SOX audits and have passed
all three.  And no, I will not be doing anymore.

-----Original Message-----
From: Greg Wenzloff [mailto:GWenzloff@xxxxxxxxxxx] 
Sent: Monday, October 25, 2004 7:14 AM
To: 'MAPICS ERP System Discussion'
Subject: RE: PROGRAMMER ACCESS TO PRODUCTION ENVIRONMENT

It's good that you have a process to approve the changes.  But how do you
meet the Sarbanes - Oxley requirement to keep a record of the changes that
occur to the security file(s)?   Your approval papers do nothing for that.
Do you have a trigger program recording changes or journaling?

These paper trails might work for a newbie auditor but a real auditor will
fail you.   You have not complied with the law.

Greg



-----Original Message-----
From: Don [mailto:dr2@xxxxxxxxxxxx] 
Sent: Monday, October 25, 2004 10:01 AM
To: MAPICS ERP System Discussion
Subject: Re: PROGRAMMER ACCESS TO PRODUCTION ENVIRONMENT



Tim,

I'm glad you're comfy with this arrangement.  I used to really hate it
when IT was nothing more than a big adding machine to balance accounting's
G/L...

I use a form that mimics the security assignment screens by application
and the application owner has to signoff on that...

Don in DC

-----------

On Mon, 25 Oct 2004 Tim.Bertnick@xxxxxxxxxxxxxxxx wrote:

> Good morning - re: setting up MAPICS security, our head of accounting must
> sign off on all MAPICS security changes - our auditors seem OK with this.
> _______________________________________________
> This is the MAPICS ERP System Discussion (MAPICS-L) mailing list
> To post a message email: MAPICS-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/mapics-l
> or email: MAPICS-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/mapics-l.
>

_______________________________________________
This is the MAPICS ERP System Discussion (MAPICS-L) mailing list
To post a message email: MAPICS-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/mapics-l
or email: MAPICS-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/mapics-l.



_______________________________________________
This is the MAPICS ERP System Discussion (MAPICS-L) mailing list
To post a message email: MAPICS-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/mapics-l
or email: MAPICS-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/mapics-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.