RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Subject:
From:
Larry Medina <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Wed, 25 Jan 2006 11:59:42 -0800
> > Is there a perspective on where the SOX maintenance function should
> > reside once compliance is obtained?  We have been kicking around the
> > idea of having it rest as an ancillary activity with Internal Audit.
> > It would be useful if there were  some empirical evidence to support
> > or refute the idea - real world evidence.


Ahhhh...SOX is a many splendored thing...  or something like that =)  I
guess there are STILL some folks that confuse LOVE and SOX, even in this day
and age.

If you've attained compliance, it makes completely logical sense that
ensuring that state remains the same would be to have it reside within
Internal Auditing.  As long as the mechanisms are in place to determine what
it takes to remain compliant.

The only additional consideration might be to ensure there is a process to
determine if any new processes or materials generated AFTER you've attained
compliance are checked to see if they involve new requirements to be
concerned with.

I doubt there would be much available as published evidence to support this,
or for that matter, ANY methodology of ensuring an organization attains or
maintains compliance aside from a self-assessment process and documenting
what that is to satisfy external auditors.

> > Are there any publications coming out of the US?  Informally, what are
> > the organizations that you may be working with doing?


Articles and a lot of hoopla from any number of vendors stating they are
selling "SOX Compliant Solutions" =)  But these are the only "publications"
I've seen.  What most of these are offering is a HUGE repository, along with
advice that you should save everything, and therefore, you will be in
compliance... hardly a workable solution compared to establishing a sound
RIM Program and saving only what's required to be saved, and saving it only
as long as it's required to be saved.

There are many articles screeching to the treetops about the unrealistic
costs placed on organizations to comply with the requirements, and I'm sure
the regulating agencies are very sorry about this (NOT!) but the fact
remains, if you're in a market segment that must comply, you MUST comply.

> > If someone could provide me with some feedback in any capacity, that
> > would be great.


That's all I've got to offer.

Larry
--
Larry Medina
Danville, CA
RIM Professional since 1972

List archives at http://lists.ufl.edu/archives/recmgmt-l.html