SOX complianceGauging your SOX progress <<previous|next>> :COSO and COBIT: The value of compliance frameworks for SOX
IT Security Audits
Internal audits for Sarbanes Oxley and internal IT support
However, a huge part of the SOX 404 requirements revolve around whether a company has documented processes and procedures and how well it follows them. So if your company has policies in place that limit who can access critical systems (and they must have such policies under SOX) it is possible that those policies have recently changed to include only a particular third party. This is not as crazy as it seems if there was a recent outsourcing of IT services.
However, it is just as likely that somewhere along the line there was a misunderstanding when someone conflated the ideas of system configuration and system assessment. I encourage you discuss this in more detail with your COO and make sure you are both on the same wavelength.
About the author:
- Find out more about SOX and email archiving.
- Read about strategies that can improve security and audit relationships.
15 Jan 2009