


Joel,

One of the effects of SOX, since the whole point of this is to make (a very specific) SOMEBODY accountable for the practices of the business. So, the best CYA strategy is to adhere to so-called "best practice" principles...

Now, the unfortunate effect of the way SOX was written is that defining "best practice" is a little fuzzy, and open to interpretation. The auditor is the arbiter of "best practice", and unfortunately, there is a wide range of opinions on how they should interact with business. Some I've seen try to impose THEIR vision of best practice, without question or mercy... Others engage with business to find the best "best practice" they can...

Typically I'd say, the objective is mostly about auditability (logging what happened) and accountability (who allowed it to happen). This broadens into risk management, disaster planning and recoverability studies, volumes of documents describing workflow, policy, and procedure. All in all, it becomes a little monster, depending on how well the business operated prior to being SOXified...

Still, there's much of value to the objectives behind SOX, and as a whole, I think companies can benefit from the experience. Some corporate cultures are more nimble and can embrace change when needed, others not so much...

Good luck!
-Eric DeLong

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Stone, Joel
Sent: Monday, February 25, 2013 9:44 AM
To: Midrange Systems Technical Discussion
Subject: SOX compliance

Does anyone have a summary of how SOX compliance should or could affect a typical iSeries shop?

From an IT auditing standpoint?

For example, outside auditors recommend all sorts of steps and often reference SOX compliance. How detailed does SOX get regarding this such as:


- IT issues in general

- Separation of PROD and TEST environments (or even hardware)

- User ids; using IBM user-ids, control of job schedulers, etc

I thought SOX was more of a financial and top management responsibility and accountability act. How far down the IT control structure of a typical company does SOX reach?

Thanks!





This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
