SOURCE: BNET
SOX insights from an IT auditor
By Jeff Davis
In this column, it's my pleasure to introduce you to Nick Edmunds. In his role as senior IT auditor for a Fortune 300 company in the food services industry, Mr. Edmunds has spent the majority of his time in the past year ensuring his company's compliance with Sarbanes-Oxley.
I managed to hijack a bit of Mr. Edmunds' precious free time to talk about his experiences and recommendations to fellow internal auditors. Here are some of the highlights from our conversation.
The hardest part of compliance: Interpreting requirements
When asked what he considered the most challenging aspect of compliance, Edmunds said, "Without a shadow of a doubt, the generality of the requirements, the lack of specifications."
So who is responsible for interpreting the requirements? "[My company] is taking the stance that we are relatively well controlled, and we understand our control environment," Edmunds said. "But accounting firms are taking a different stance. First, they feel they need to be aggressive and comply as much as possible to the letter of the law to minimize their own risks. Second, it's in their best interest to push for all controls to support their audit (billable) hours.
"The external auditors lean toward cautious. We lean toward what works best in our industry."
Mistakes made along the way
I asked Edmunds if his team had made any mistakes along the way, and he answered, "Two. First, not looking at control objectives, and not adopting control objectives at the outset of the project."
"We started out just using risks...