Sarbanes-Oxley Act is only directed to publicly traded companies, but a
lot of the accounting firms have taken these standards and applied them
to all companies that they perform audits for.
Most of these are pretty straight-forward and they consist of some basic
questions. More than likely, they'll ding you for items that you are
already quite aware of. We were constantly dinged for not changing
passwords often enough, not requiring a long enough password, not having
a comprehensive disaster recovery plan, etc, etc.
However, we always saw that as a good thing - we were able to bring up
our shortcomings to the powers-that-be and request additional money for
the department. If the higher-ups ignored our requests, at least we
were communicating the issues.
Best advice I ever received about an audit - just answer the questions,
always be polite and respectful, but don't hinder their work, nor help
it along either.
Good luck!
On Wed, 2008-10-15 at 11:59 -0400, Vern Ceder wrote:
> Yeah, we were a small part of this year's audit - I think as standards
> are tightening up this will only increase. We had to report on issues of
> access to accounting software, documentation, risk management, disaster
> planning, etc. The only IT-specific recommendation we got was to
> implement and test a disaster recovery plan...
>
> Cheers,
> Vern Ceder
>
> Page Lennig wrote:
> > Hi Colleagues - I'm wondering if any IT depts were part of an annual
> > Business Office audit this year? If so, what kind of role did it play in
> > audit report and what kind of follow-up was done? Our IT dept was part of
> > the audit this year and we weren't sure if it was because we are using a
> > new company or if there were new requirements out there.
> > thanks,
> > page
> >
> > Page Lennig
> > Technology Director
> > Waynflete School
> > 207-774-7863ext.320
> > page_lennig@waynflete.org
> >
> > [ For info on ISED-L see http://www.gds.org/ISED-L ]
> > Submissions to ISED-L are released under a creative commons, attribution, non-commercial, share-alike license.
> > RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L
>
Matt Burkhardt, MSTM
President
Impari Systems, Inc.
502 Fairview Avenue
Frederick, MD 21701
mlb@imparisystems.com
www.imparisystems.com
(301) 682-7901
[ For info on ISED-L see http://www.gds.org/ISED-L ]
Submissions to ISED-L are released under a creative commons, attribution, non-commercial, share-alike license.
RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L
