Discussion Boards
| Advanced Search

ASQ Discussion Boards » Public » Sarbanes-Oxley

Topic: SOX as part of a managed hybrid audit program?
Replies: 3   Pages: 1   Last Post: Nov 22, 2008 11:11 PM by: Chad Gniffke »


Reply to this Topic Reply to this Topic
Search Discussion Board Search Discussion Board

Go Back Back to Topic List Topics: [ Previous | Next ]
Replies: 3
Michael Huynh

Posts: 3
SOX as part of a managed hybrid audit program?
Posted: Oct 18, 2006 1:08 PM
  Click to reply to this topic Reply

Folks, this has been a very interesting discussion area - particularly comments from John Walz and Mark Kempf. I'm hoping the ASQ's SOX conference next week will stir up some new discussions.

It seems that companies are looking to leverage cross-functional resources in order to get the SOX job done. In addition to the Finance and Quality areas being affected, there is an impact on Supply Management (and potentially others) - and I am seeing companies wanting to harness a combined effort in order to handle the workload and also to eliminate duplication.

There has already been some discussion on expanding the quality audit scope to include some aspects of SOX criteria, but what about the infrastructure? Has anybody out there been tasked with adapting a quality or regulatory management infrastructure to include a SOX initiative? And what is the ideal profile of a team member? - a Quality Professional trained in Finance or vice versa? I'd like to hear any success stories out there with hybrid programs. Are there folks in the ASQ community that specialize in this area who could provide some consulting support?

I look forward to hearing from you, and meeting some of you on-line next week.

Thanks - Michael


William Pflanz

Posts: 1,405
Re: SOX as part of a managed hybrid audit program?
Posted: Oct 18, 2006 1:17 PM
  Click to reply to this topic Reply

Michael,

We just had a speaker on SOX at our last local ASQ section meeting. In asking about what expertise is being used on the audit teams, the speaker said that they were looking for people with Finance degrees or CPA's with IT experience. One of the local university accounting professors at the meeting concurred with this profile. Although there is overlap with Quality in many areas, SOX is still primarily concerned with accounting systems which are heavily computerized in the speaker's company. I will admit that the speaker was from the utilities industry and they generally do not have quality management systems in place and was not familiar with ISO 9000 systems.

I would be interested if other members have heard of different qualifications.

Bill Pflanz


Dan O'Leary

Posts: 395
Re: SOX as part of a managed hybrid audit program?
Posted: Nov 22, 2008 11:45 AM
  Click to reply to this topic Reply

In my internal auditing course, I mention Section 404 SOX control audits. In SOX design, there should be a process flow, an evaluation of risks, and controls to prevent a risk from happening. The risk is that of a material error in a financial statement.

Some common types of controls include segregation of duties and authorization procedures. I like internal auditors to be aware of these issues, because they might encounter them in the course of a quality audit. For example, an auditor might pull a sample of records to check for a characteristic and realize that the same person had two separate roles in a transaction. If this could affect, say, inventory balance, it may be an example of a control violation. Usually, the quality auditor isn’t in a position to know if this is a violation, but has, in my opinion, a professional obligation to report the potential problem.

One would like to think the process flows designed to identify financial risks and establish control points would have a lot in common with process flows for production or quality control activities. In particular, some of the financial controls and quality controls could be the same. For example, if a company performs a receiving operation and checks quantity and/or quality of received goods, the same check may be a control point for both quality and finance.

I see a high potential for commonality of control testing in hybrid audits. The interpretation of a control failure, however, will probably need to go to an expert. A minor finding in a quality sense may point out a material risk in the financial sense.

One area of interest in a hybrid audit program is record retention. It appears the record retention period for SOX related audit and work papers is seven years from the date the report is issued. I suspect that many companies have a shorter record retention period for quality audit material.

Regards,
Dan


Chad Gniffke
Re: SOX as part of a managed hybrid audit program?
Posted: Nov 22, 2008 11:11 PM
  Click to reply to this topic Reply

Guys For <a href="http://www.kaseya.com/products/software-inventory-audit.aspx">inventory audit software</a> I would choose <a href="http://www.kaseya.com/products/software-inventory-audit.aspx">Kaseya's</a> product.

It is an incredible product and has served many in the area of SOX compliance. If you need to make a compliance deadline in the next couple of weeks, you can do it with Kaseya.


Go Back Back to Topic List
Topics: [ Previous | Next ]

Point your RSS reader here for a feed of the latest messages in this threada