SOX.1.22:: Difference between revisions
No edit summary |
No edit summary |
||
| Line 3: | Line 3: | ||
<br> | <br> | ||
::'''4. Risk: Poorly managed systems or system functionality does not delivered as required and financial information is not processed as intended. ''' | ::'''4. Risk: Poorly managed systems or system functionality does not delivered as required and financial information is not processed as intended. ''' | ||
:::a. SOX.1.22: Service levels are defined and managed to support financial reporting system requirements. | :::a. SOX.1.22: Service levels are defined and managed to support financial reporting system requirements. | ||
<br> | <br> | ||
| Line 12: | Line 11: | ||
<blockquote style="background: white; border: 1px solid black; padding: 1em;"> | <blockquote style="background: white; border: 1px solid black; padding: 1em;"> | ||
1. Obtain a sample of service level agreements and review their content for clear definition of service descriptions and expectations of users. | 1. Obtain a sample of service level agreements and review their content for clear definition of service descriptions and expectations of users. | ||
<br> | |||
<br> | |||
2. Discuss with members of the organization responsible for service level management and test evidence to determine whether service levels are actively managed. | 2. Discuss with members of the organization responsible for service level management and test evidence to determine whether service levels are actively managed. | ||
<br> | |||
<br> | |||
3. Obtain and test evidence that service levels are being actively managed in accordance with service level agreements. | 3. Obtain and test evidence that service levels are being actively managed in accordance with service level agreements. | ||
<br> | |||
<br> | |||
4. Discuss with users whether financial reporting systems are being supported and delivered in accordance with their expectations and service level agreements. | 4. Discuss with users whether financial reporting systems are being supported and delivered in accordance with their expectations and service level agreements. | ||
</blockquote> | </blockquote> | ||
Latest revision as of 15:05, 25 June 2006
- 4. Risk: Poorly managed systems or system functionality does not delivered as required and financial information is not processed as intended.
- a. SOX.1.22: Service levels are defined and managed to support financial reporting system requirements.
Testing Procedures
1. Obtain a sample of service level agreements and review their content for clear definition of service descriptions and expectations of users.
2. Discuss with members of the organization responsible for service level management and test evidence to determine whether service levels are actively managed.
3. Obtain and test evidence that service levels are being actively managed in accordance with service level agreements.
4. Discuss with users whether financial reporting systems are being supported and delivered in accordance with their expectations and service level agreements.
Testing Frequency
Annually
Evidence Archive Location
Insert hyperlink or location of evidence archive.
Control Stewards Process Narrative
Provide control steward commentary indicating the formal methodology in place.
Control Steward – Jane Manager
Process Illustration
Replace this test by inserting a process diagram, flowchart or other visual representation to illustrate the process narrative as necessary. Include a brief description of the process illustration.
Control Status and Auditors Commentary
The control is effective.
File:Greenlock.jpg
Status is acceptable.
Control Exception Commentary
Status is acceptable.
Remediation Plan
Remediation is not required at this time.