|
ABSTRACT:
When it comes to Sarbanes Oxley (SOX) compliance, there's way too much testing going on. It's not anybody's fault and doesn't cause any harm, other than adding unnecessarily to costs. But we auditors find it frustrating to sit on the sidelines and watch it happen. If people only asked for our help, we could make things so much easier.
IT people are experts at making hardware and software work together to support the business. They're down in the weeds every day. So it's no surprise they tend to interpret a request to "document and test the system of internal controls" with that same level of detail, whether it's needed or not.
SOX stipulates that IT must test the "general computer controls" most important ("key") to assuring the completeness and accuracy of financial reports. This means testing controls that affect the systems instrumental in feeding or processing those reports. No more, no less.
|
| |
 |
| |
AUTHOR:
Matt Zerega
IT auditor, CIO Decisions
Matt Zerega is a West Coast IT auditor who has worked in energy, electronics and other fields. Write to him at AuditTrail@ciodecisions.com.
|
My Research History
Free Newsletters
