SOX Compliance Career Guide and Counseling
We can help you connect with ministry contacts who can provide more information about SOX compliance career streams, and who are knowledgeable about current and future hiring needs and SOX compliance career development in these areas.
Contact us to find out more about SOX compliance career paths, career planning, career assessment and career choices. Learn what SOX compliance career opportunities may be just around the corner and how you can build a satisfying future.
Question: How to get a SOX Compliance job in Canada? I recently graduated (BComm in Accounting), and I am unable to find a job with a CA firm, because my GPA is not over 3.0 (just 2.91). I see that only CAs can make big money in the accounting world, because they can audit things and do SOX compliance.
Right now, I am an accounting clerk, and I do not know how to get a good accounting job and get an entry level SOX compliance training job. Anyone can help me! How to network with people.
CGA and CMA are below CA? That's what I heard from peers. Is this true?
Answer: SOX does not apply to companies outside the US. If there's any sensibility left in the world, soon it won't apply to anyone.
Question: Why spreadsheets are not good for Sarbanes-Oxley (SOX) compliance? My company has been meeting Sarbanes-Oxley (SOX) requirements through manual spreadsheet-based processes. We want to automate these processes. What kind of technology is out there now to help with SOX compliance?
Answer: It is difficult to provide non-repudiation within spreadsheets in a scalable context. To replace spreadsheets look towards governance, risk and compliance (GRC) management platforms. Vendors in this space include Axentis, BWise, MEGA, JmeSoftwares. They are a much better choice over the use of spreadsheets for Sarbanes-Oxley compliance.
Question: Is SOX compliance required in test environments? Our DBA's are locking down certain database features (UTL_FILE) that allow us to read/write files to a specific directory on the Oracle database server for SOX compliance and DB security. We have separate database servers for development and production. The DBA's review and promote all code to the production environment.
Is revoking developer access to UTL_FILE common practice in other companies? Mostly, we just need to be able to read flat files for processing. Is this really a huge security issue?
We don't even need to create files. We typically get requests from business analysts to load data they get from customers for analysis. The format for the data is never consistent. So we would use UTL_FILE in a PL/SQL program to read the file and parse through it to insert the data appropriately in the table. The flat file must still be loaded on the database server by the DBA.
We are now being told that we need to request that a new temporary table be created (which has to go through a long drawn review process to promote to our production database) and then populated using SQL*Loader.
Their concern is that we might use UTL_FILE to read sensitive data on the server (though no one can or should be writing/storing sensitive data to this folder other than DBA's). We only need access to this in our development instance (which only has test data) to create the program. It's executed in production by the DBA's.
Seems like very little additional security but a lot more work.
Answer: Regarding common practice, I won't be able to add up anything on that. But the ability to read a flat file need not necessarily be a security hassle. The ability to create files might, on the other hand, be a potential security issue. I can totally understand the requirement to create flat files and read from them. If these are created & read by internal applications running within the intranet or within the same server, the permission of the same should be extended to the same. This could be a case of the DBA reading too much into the SOX requirements.
Question: What is Sarbanes Oxley Compliance (SOX)? I am an Accountant, recently settled down here in Australia and I have found many companies here are concerned about SOX, but I have never heard of this before. Are these regulations applicable only to Australia? Who should comply with these regulations?
Answer: SOX is the public company accounting reform and investor protection act. It was passed in response to high-profile business failures, such as Enron and WorldCom, in order to reinforce investment confidence and protect investors by improving the accuracy and reliability of corporate disclosure. It is American law but affects all subsidiaries and units worldwide. You can read all about SOX at the link.
Question: Can anyone please provide specific details on internal control compliance as related to SOX?
Answer: Specific details would be in The Sarbanes-Oxley Act of 2002 itself. Short of that, here is a write-up by AICPA on Section 404, the section that deals with internal controls.
Question: SOX Compliance certification? I am a Patent Attorney and thinking of going through the SOX Compliant Certification. Is anyone aware of any good institute offering certification and placement assistance? Also, it would be great if anyone with a legal background who has gone through such training could list things to watch for.
Thanks
Answer: Check this out
http://www.trainingcamp.com/usa/training/soxinstitute/sox/overview.aspx?refer=overture&ad=sox&keyword=sox_compliance&OVRAW=sox%20compliance%20certification&OVKEY=sox%20compliance&OVMTC=advanced&OVADID=37101212522&OVKWID=84870220522
Question: 1.What is SOX compliance – only part related to IT?
Answer: all depends if you are in boston or chicago
Question: Looking for a training course in compliance or SOX where you get a certificate at the end?
Answer: Try this link below - this company "Kudos" provides Sarbanes Oxley (SOX) training
Question: What are all the compliance laws for a firm's IPO? I am making a report on IPO compliance laws, and I know compliance with SOX, SEC, and 'blue-sky' state laws pertain, but I want to be certain I have each of the regulations.
Answer: web
Question: Can someone give me an overview of SOX and its different sections? I am interested in knowing about the SOX compliance act. I would like someone to be my chat buddy to guide me in learning SOX in detail. I would appreciate it if anyone can give me a web link where I can learn in detail.
Answer: SOX in Detail would take forever... I suggest reading about it at the SEC's website and read what the AICPA has said about it. Also there are some magazines that are always writing about SOX. To Sum it all up in a nutshell would be impossible. Although there are some rumors that SOX is going to disappear because some smart lawyer found a problem with how the PCAOB (peak-a-boo) is structured. PCAOB came from SOX and the official is not elected by the public. So they're going to try and get rid of PCAOB. We'll see though.
Question: I want to know about SOX (SARBANES OXLEY ACT) & any details about it? I want to have details of academic research and an audit questionnaire on SOX compliance. Can anyone help?
Answer: It's a pain in the A s s, and a waste of time. It is legislation that was enacted in the US after Enron that was intended to make certain publicly traded companies didn't end up like Enron. The problem is, the C** level people can still screw with the books and pilfer the coffers, and the SOx crap hinders the worker bees, and when was the last time you heard of a worker bee pillaging a company.
I think it is also like that ISO crap in the early 90's, y2k in the late 90's, a way for underachieving consulting companies to keep their hands in the pockets of big corporations.
Question: How much does an accountant make? I graduated June 2006 with a BS in accounting. I have had 2 jobs since then. My current duties include, but are not limited to, month-end close, bank recs, JE, accruals, reversals, upload, commissions, AR & AP reconciliations, P&L, balance sheet, trial balance. In brief, I handle 90% of the company's close. The company I work for is a Fortune 500 corporation and I work in one of its divisions with annual sales of 50 million. I report directly to the CFO of the division. How much do you think I should be making? Any recruiters, please help. My review is next Monday and I need to know how much I should settle for. I do a lot more than what I wrote. I also deal with SOX compliance, intercompany transfers, IOJVs. Location: Los Angeles, and I commute about 20 miles from home. The company's total sales with all divisions are about 6 billion. I work with Oracle and Procom. I also used Peachtree in my previous job. Much thanks.
Answer: I recommend:
1) What you need to do is to check out http://www.salary.com/
The site can give you the range and median of salary based on your location, job type, tenure/level of experience, company size, and even bonuses.
2) If you have public accounting experience (esp. with the Big 4), a CPA license, an MBA, or financial analysis experience, then you may be worth more.
3) And don't expect to be able to make a huge jump so soon (1 year out of school). The typical accounting track takes 3 to 5 years to move up to the next level. Doing a lot of different functions signifies great exposure, but that also means you don't have the specialty or dedicated experience in one area.
I am not trying to discourage you, just don't want you to have unrealistic expectations going into a review and get disappointed or bitter if you don't get it. With all that said, you should definitely try for a good raise.
I recommend that you have a list of accomplishments, your achieving prior-set goals and objectives, planned areas of improvement, and goals and objectives for next year going into the review. You can even provide one for your boss to "influence" what he puts into your evaluation.
Good luck!
Just Be!
Question: Is there a "Sarbanes Oxley for Dummies" reference out there? Or some really simple reference available? A co-worker keeps quoting "sox compliance" and I want to be able to reference the source she is quoting.
Answer: As a matter of fact, there is!
http://www.amazon.com/Sarbanes-Oxley-Dummies-Business-Personal-Finance/dp/0471768464
I think I'll buy one myself, I work in accounting and we get a lot of these quotes throughout the day as well. Very frustrating when they don't make it clear what the rules are.
The author of the book also has a website with a message board:
www.abtechlaw.com (click the SOX tab) You can get answers to your questions from attorneys, auditors, governance officers and other SOX professionals.
Question: Are we on the cusp of another internet boom? There's been a lot of talk lately of "Internet 2.0". Also there are more and more compliance laws like SOX arriving.
If yes, will the stock market go nuts again?
Answer: The Internet 2.0 boom is happening in a strange way. Most of these startups are acquired before they IPO. For the stock market to go nuts, I think two things need to happen.
1) Content must explode at a faster rate than it is currently (such as more people contributing to sites like this or more of data-driven sciences, like geology, biology)
2) Brick and Mortar shops must get into this social web 2.0.
Question: Mail/Package Inspection at Work - Is It Legal? My company is instituting a policy where they open/inspect all packages (even personal deliveries) sent to the office. Naturally, being at work during FedEx/UPS delivery hours, most of us have everything sent here. I find this new policy to be a tremendous invasion of privacy, and I'm wondering if it's legal for them to go through mail/packages that are clearly addressed to me (and not my company). I've been here for 2 years, and our building has never had any security issues (and there aren't any that I'm aware of) - folks are claiming this has to do with SOX compliance, but I know that doesn't include personal mail. It's not like I'm having anything nefarious delivered, but I don't want the receptionist seeing what I'm ordering/how much I'm spending/etc. as a matter of principle.
If anyone could provide any clarification, it'd be much appreciated. Thanks!
Answer: As long as it's being delivered to their property, they have the right to inspect it. Just like you can inspect anything delivered to your property (excluding rental property, as tenant laws are different).
For a private company to inspect mail being delivered to their property is no different from many companies inspecting private emails sent to the on-the-job email address.
My husband works for a company like this. They have never had security problems, but they are a wholesale funding company and want to prevent anyone's financial information from getting stolen. So all packages going in and out of the building are inspected, as are all emails going to or from the office. Their computer screens are also monitored, because they have to have internet access for some of their work, so they monitor which site the employees are on to make sure no one is going to 'unapproved sites'.
In today's world of industrial espionage, identity theft, etc, this type of policy is becoming standard by companies looking to protect themselves now and in the future.
Question: Looking for feedback on my resume!? Looking for feedback, suggestions, recommendations on my resume.
Can't seem to land any interviews with it.
SUMMARY
Senior Network Specialist with more than 10 years experience in various aspects of information systems including security, monitoring and compliance, network administration, application development and implementation. Proven ability to manage all phases of network installation and administration. A highly respected team member with a demonstrated ability to learn and implement new technology. Exceptional technical-to-business communication skills; able to clearly explain technical subject matter to business owners and users.
PROFESSIONAL EXPERIENCE
ZENITH INSURANCE COMPANY, Woodland Hills, CA, 1996 to 2009
Senior Network Specialist (2008-2009)
End to end support in a diverse enterprise computing environment. Ensured computer hardware and the network infrastructure were properly maintained in an environment consisting of 19 locations and over 350 servers nationwide. Performed day to day administrative duties such as configuration, performance monitoring, user account creations/deletions, file permission, and group memberships. Built, configured and installed servers, networked printers and print servers based on company policy and standards.
•Monitored servers and various networked devices using Solar Winds and Insight Manager.
•Ran and created custom reports using Solar Winds.
•Demonstrated experience providing end-user support for large corporate applications in a networked environment.
•Documented internal IT procedures related to reviewing window server logs.
•Responsible for analyzing and writing weekly reports for server logs of core Zenith servers.
•Performed server support in an HP environment including but not limited to server builds, troubleshooting, patching and upgrades.
•Supported scan to file on OCE copier/printers.
Security Engineer I (2005-2008)
IT focused security and Sox compliance duties across 2 core datacenters and 19 remote sites. Implemented and supported Zenith’s Incident Management System for various departments utilizing Archer-Technologies’ SmartSuite Framework. Managed the organization and filing of key documentation; performing regular assessments of IT compliance and adherence to established policies and processes; supporting audits through the collection of required documentation. Performed annual and quarterly Vulnerability Assessments as needed on Web servers, Unix Servers, Window Servers, War Dialing, Wireless and Databases.
•Audit team member with recurring reports to both the CIO and head of Corporate Compliance
•Worked on a team to research, and implement a database vulnerability-scanning tool.
•Created and implemented a key database within Archer for tracking information related to network servers, databases and Zenith core applications to assist Zenith’s Internal IT Auditors.
•Monitoring and reporting for SOX compliancy which involved building and executing security tests, and investigating exceptions generated from the following systems: Antivirus Activity Reports, NetIQ Security Reports, Tripwire file system integrity reports, Configuresoft Patch Reports, Employee & Temp Termination Reports, VPN Configuration & Security Reports, Active Account Reviews, Snort Reports and Guardium Database Activity Reports.
•Created and implemented report tracking system within Archer to track IT responses related to the weekly Monitoring and Compliance reports.
Network Specialist (1996-2005)
Systems engineer focused on maintaining system uptime and availability across a diverse product set. Ensured computer hardware and the network infrastructure were properly maintained in an environment consisting of 15 locations and over 350 servers nationwide. Performed administrative duties such as user account creations/deletions, file permission, and group memberships. Built, configured and installed servers, networked printers and print servers based on company policy and standards.
•Exchange 5.5 Email Administrator for the Western Region providing support for Exchange servers at both network and user levels.
•Implementation and support of all Blackberry wireless devices and server for Western Region.
•Support for various server based applications – Legal Solutions Plus, Smart-Comp Mod Calc.
•Day to day administrative duties such as user account creations/deletions, file permission.
•Implemented scan to file on OCE copier/printers.
•Averaged the 2nd highest ticket close ratio across the corporate IT teams.
TECHNICAL EXPERTISE
•Solar Winds
•GFI Languard
•Blackberry Server/Devices
•AppDetective Pro
•Insight Manager
•Trip Wire
•Win 2000/2003 Server
•NetIQ
•MS Office Suites
•Guardium
•Exchange 5.5
•Archer SmartSuite Frameworks
•Visio
•Front Page
•TCP/IP
•SMTP
•POP3
•SNMP
•DHCP/DNS
TRAINING
Archer-Technolog
Answer: Bruno, I found a list of temp work resources that can help. http://www.temporaryjobemploymentagencies.com
SOX Compliance Career Information and Opportunities
Computerworld (blog)
For companies dealing with credit card data, PCI is a common compliance concern, medical companies have to think about HIPAA, for publicly traded companies it's Sarbanes-Oxley (SOX), and FISMA for government agencies. Even if none of these formal ...
Insurance News Net (press release)
Palmer brings more than 29 years of experience in all aspects of corporate finance and accounting including Sarbanes-Oxley (SOX) compliance, risk management, SEC reporting, financial analysis, capital and operational budgeting, strategic planning, ...
MarketWatch (press release)
David brings more than 29 years of experience in all aspects of corporate finance and accounting including Sarbanes-Oxley (SOX) compliance, risk management, SEC reporting, financial analysis, capital and operational budgeting, strategic planning, ...
PR.com (press release)
Boston, MA, February 02, 2012 --(PR.com)-- CIMCON Software Inc., the Pioneering Market Leader in Spreadsheet Governance, Risk and Compliance (GRC), announced that it finished 2011 with a strong financial performance, the acquisition of several new ...
MarketWatch (press release)
31, 2012 /PRNewswire via COMTEX/ -- CIMCON Software Inc., the Pioneering Market Leader in Spreadsheet Governance, Risk and Compliance (GRC), announced that it finished 2011 with a strong financial performance, the acquisition of several new customers, ...
The Music Void
Key involvement in maintaining sufficient control environment at Company - including SOX compliance, approvals over purchases and payments, accounts payable interaction, maintain control/approval matrix. Interaction with key departments to provide ...
Computer Business Review
In addition, it manages the compliant network with identification of policy violations, PCI and SOX standards-based configurations, proactive change monitoring, user-based tracking, audit logs, and built-in compliance reports.
MarketWatch (press release)
... back in control of their pharmacy benefit costs and helping them ensure cost accuracy, member cost share, eligibility, fraud, Sarbanes-Oxley (SOX), Retiree Drug Subsidy (RDS), Health Insurance Portability and Accountability Act (HIPPA) compliance.
MarketWatch (press release)
The Eco Power Solutions Technology Center in Louisville, Kentucky, has documented that the COMPLY 2000(TM) reduces NOx and SOx emissions by 98 percent. The Technology Center has been operating an integrated COMPLY 2000(TM) system since June 2010.
MarketWatch (press release)
SOX and HIPAA non-compliance can result in prison terms, loss of insurance and delisting by the Securities and Exchange Commission," said Innovative IT Principal Mary Siero. "Of course, website vulnerability can lead to a wide range of costly damage ...