RE: SOX Question

You could definitely argue that its a controls violation - but if your auditor says that the oversight is sufficient - i.e. the fact teh change was logged adn stored somewhere and double-checked, even if by the same person, then there you go. The beauty of SOX is that it means something different to everyone.

Matt

-----Original Message-----

From: oracle-l-bounce_at_freelists.org on behalf of SHEEHAN, JEREMY Sent: Tue 6/2/2009 2:20 PM
To: oracle-l_at_freelists.org
Subject: SOX Question  

Hey folks,

I'm sure this is everyone's most favorite subject: SOX.

I'd like to throw this out to everyone and see how your company handles a situation like this.

We have our 'change management' system. When someone needs a new table/view/package/data fix, etc... created or modified, we have to go through the change management process. One thing that strikes me as odd here is that people are allowed to submit change requests and also approve them. Doesn't that go against everything that SOX rules were created for? SOX (in a change management sense) is all about accountability and openness of someone's actions. So is it 'correct' for someone to submit and approve changes? Shouldn't the approver and submitter be different?

Thoughts, ideas, comments?

Frustrated in Florida,

Jeremy

Consider the environment. Please don't print this e-mail unless you really need to.

--

http://www.freelists.org/webpage/oracle-l

--

http://www.freelists.org/webpage/oracle-l Received on Tue Jun 02 2009 - 14:01:21 CDT