RE: SOX Question
- From: "Matthew Zito" <mzito@xxxxxxxxxxx>
- To: <Jeremy.Sheehan@xxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
- Date: Tue, 2 Jun 2009 15:01:21 -0400
You could definitely argue that its a controls violation - but if your auditor
says that the oversight is sufficient - i.e. the fact teh change was logged adn
stored somewhere and double-checked, even if by the same person, then there you
go. The beauty of SOX is that it means something different to everyone.
Matt
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx on behalf of SHEEHAN, JEREMY
Sent: Tue 6/2/2009 2:20 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: SOX Question
Hey folks,
I'm sure this is everyone's most favorite subject: SOX.
I'd like to throw this out to everyone and see how your company handles a
situation like this.
We have our 'change management' system. When someone needs a new
table/view/package/data fix, etc... created or modified, we have to go through
the change management process. One thing that strikes me as odd here is that
people are allowed to submit change requests and also approve them. Doesn't
that go against everything that SOX rules were created for? SOX (in a change
management sense) is all about accountability and openness of someone's
actions. So is it 'correct' for someone to submit and approve changes?
Shouldn't the approver and submitter be different?
Thoughts, ideas, comments?
Frustrated in Florida,
Jeremy
Consider the environment. Please don't print this e-mail unless you really need
to.
--
//www.freelists.org/webpage/oracle-l
Other related posts:
