Understanding the Sarbanes-Oxley Act
e) Each server will have a log book that will be used to document any reported
problems or adverse
f) event observations made during visits to the server room by any IT staff
member or system administrator. The log books are used to document er-
rors that are discovered outside routine monthly maintenance, and for any
configuration changes to each server or its key applications.
g) The server log books will be reviewed annually by IT management.
a) Attachment IT-FR-003: "Generic Network Server Maintenance Electronic
System Account Management
GENERIC COMPANY, INC.
TITLE: SYSTEM ACCOUNT MANAGEMENT
1 of 5
a) To define Generic's procedures regarding user account management for the
a) This procedure applies to the Generic computer system and administrative
and user accounts for use on that system.
a) Generic's IT department is responsible for preparation of this SOP.
b) Generic's IT department is responsible for administering the accounts for
the Generic computer system (i.e., system administrator).
c) Generic's IT management is responsible for approving this procedure.
d) The relevant department manager is responsible for approval of access
and denial of access privileges, as indicated on the Employee Information
Profile form and the Employee Departure form.
e) The Controller or CFO is responsible for annually reviewing user access
within the accounting system.