09-20-2006 9:44 AM
Hi All,
We are undergoing SoX audit now.They are asking for lots of process documents and all .We don't have much..My question is a stupid question..
What will happen if we are not able to provide much docs and justify a number of changes in the syetsm ..Basically I want to know what are the outcome of such audits..Do they give some rating or they say Pass/Fail .What if we fail..what is the worst thing that can happen .
Please advice from your experience ...
Thanks.
Suman
09-20-2006 9:50 PM
Hi,
Basically, these will be findings and you'll be given some time to remediate the findings. In that time you need to get all the documents written up and approved (date of approval is also important). Same for process documents.
SOX is usually for checking Finance irregularites but now its being applied to every aspect.
So with these findings, you'll get an unsatisfactory or failed rating. After your remediation is complete, they'll reaudit your processes and procedure where there was a finding to ascertain that it was indeed remediated plus they might audit some other things as well.
You'll get this every year...Welcome to the world of SOX :).
Cheers,
Kedar
09-20-2006 5:00 PM
Hi Chitta,
With small info in this space - my 2 cents on the comment below.....
The OUTCOME of such AUDITS is just a fail.
They would say the Organisation is not SOX Compliant and thats a bad thing to happen. But its not only system documents, there is also a check on Process compliance where various checks shd be in place to attain SOX compliance.
Br,
Sri
09-20-2006 9:50 PM
Hi,
Basically, these will be findings and you'll be given some time to remediate the findings. In that time you need to get all the documents written up and approved (date of approval is also important). Same for process documents.
SOX is usually for checking Finance irregularites but now its being applied to every aspect.
So with these findings, you'll get an unsatisfactory or failed rating. After your remediation is complete, they'll reaudit your processes and procedure where there was a finding to ascertain that it was indeed remediated plus they might audit some other things as well.
You'll get this every year...Welcome to the world of SOX :).
Cheers,
Kedar
04-16-2007 3:59 AM
Just a clarification and a comment/question on your "fears" ... why are you so concerned about it? Sarbanes-Oxley is a US law and does not affect you or your organization unless:
1. Your organization is located in the US
2. Your organization is located outside the US but is listed or has an Office in the US
3. Your organization is outside the US and is voluntarily adapting Sarbanes-Oxley requirements
Any other comments?
Cheers,
Wolfgang