For the latest two year, I have been working with Sarbanes Oxley section 404 especially in IT general control. I have been working both in design Risk Control Matrices (RCM) or performing testing thorough the control. And after hundred hours of discussion with auditee, hundred days of never ending meeting or checking document, I have a conclusion that implementing SOX is very-very difficult and sometimes not effective. Here is the reason:
See full Article.
Posts
