To ensure that these are complementary and not
contradictory, an understanding of SOX is useful as it is a major driver
to the latter objective. The purpose of this document is to provide this
background and to show how these considerations have been applied to Codel
Services' process templates.
Note: for details on how to obtain the template
for this deliverable, please visit the
To be “SOX compliant” is one of the aims of the template. This section
describes some of the characteristics of SOX that may be relevant.
What is SOX
The Sarbanes-Oxley Act (SOXA) is a response to a number of US corporate and
accounting scandals. These resulted in a significant loss of public trust
in corporate accounting and reporting practices.
It has the key objective to ensure that:
Specifically, section 404 (SOX 404) mandates that management must assess
internal controls annually, and have these attested by an external
The scope of SOX has changed considerably over the last few years.
Initially, the Public Company Accounting Oversight Board (PCAOB) was set
up to oversee and advise on the implementation of SOX globally, on behalf
of the SEC.
Their initial guidance was that companies should follow the industry
standard best practice set out in the “Committee for the Sponsoring
Organisation” (COSO) and, specifically for IT, “Control Objectives for
Information and related Technology” (COBIT).
COBIT imposed very rigorous requirements on companies, and earlier this
year the PCAOB yielded to pressure from early filers to lessen the degree
of stringency around the more “peripheral” controls, while still focussing
on the critical ones such as change management and logical access.
Whilst this is open to interpretation, most banks have taken this to
allow a shift away from the COBIT approach to one of identifying a small
set of “truly key” controls that can be tested against a set of defined
It is likely that the level of stringency of documentary evidence on
this leaner set of mandated controls will be consequently higher.
© 2002-2007 Codel Services Ltd
This paper has been prepared
by Codel Services Ltd to illustrate how structured business
modelling can help your organisation. Codel Services Ltd is an IT
Consultancy specialising in business modelling. If you would like further
information, please contact us at: Deryck Brailsford, Codel Services Ltd,
Dale Hill Cottage, Kirby-Le-Soken, Essex CO13 0EN, United Kingdom.
Telephone: +44 (0)1255 862354 / Mobile: +44 (0)7710 435227 / e-mail: firstname.lastname@example.org