Re: SOX compliance and assessment

["Will Thornsbury" <pro_logos () hotmail com>]

Actually, it depends on when your year end is. I'm a SOX IT 
auditor............the 11/15/04 deadline was for filers who's fiscal year 
ends on 12/31/04.........and even then.....my last SOX audit ended on 12/28. 
Ultimately the deadline was December 31st for those filers. I have many 
clients whose year end isn't until June 05.......so that is their 04 
year-end........it's very confusing. The business's year end is determined 
by when the company went public. Michael, I'd be glad to talk too you about 
your SOX issues.

> From: tony <tonytorri () yahoo com>
> To: Michael Jordon <mjordon21 () yahoo com>,security-basics () securityfocus com
> Subject: Re: SOX compliance and assessment
> Date: Tue, 11 Jan 2005 17:55:31 -0800 (PST)
>
> Michael,
>
> Publicly traded companies were to be SOX compliant by 11/15/04.  Security 
> and
> control process had to be in place for at least 3 months before that date 
> to
> validate they were in fact working.
>
> If you are just beginning the SOX compliance effort...you are only about 2
> years behind.  Surely someone in your company is leading this effort.
>
> It you are in the IT area..good starting would be to do keywork search on 
> Cobit
> and SAS70.  This will give you a good idea of the IT security that needs to 
> be
> in place.
>
> Tony
> --- Michael Jordon <mjordon21 () yahoo com> wrote:
>
> >
> >
> > Hello,
> >
> > I looking for a starting point to perform a SOX compliance assessment. 
> Can
> > someone assist in identification of the controls objectives for Section 
> 302
> > and 404.
> >
> > What are the other areas that should be considered to develop such
> > assessment?
> >
> > Many thanks in advance.
> >
> > MJ
> >
>
> =====
> Tony T. CISSP, CISA, CDP, CIA
> Senior IS Security & Risk Manager
> 360.906.7893 (Work)
> Northern Telecom LLP
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail - Helps protect you from nasty viruses.
> http://promotions.yahoo.com/new_mail