Understanding the Sarbanes-Oxley Act
a) A user of the accounting system who desires a change to the system will com-
plete a copy of form IT-FR-006. This form should be submitted electronically.
(The IT department can also initiate change requests as appropriate.)
i) The user should clearly describe the change desired. When appropriate,
he or she should include mock-ups of the desired change. For example,
when requesting a new report, the requestor should mock up how the
report should look when done.
ii) The requestor then forwards the IT-FR-006 form to the IT department
member responsible for maintaining the accounting system.
b) An IT department Project Manager will be designated. Typically, this will
be the individual responsible for maintaining the accounting system.
c) The IT Project Manager will review the change request and any attached
examples or illustrations, and will analyze the requested change, including:
ii) Sources of appropriate existing data in the system
iii) Capability of in-house personnel to perform the change or availability of
external personnel to carry out the change
iv) Impacts to integrity of system data or other system programs
v) Impacts to system security
vi) Impacts to disaster recovery procedures
Testing and acceptance procedure(s), including pseudocode when testing
will be primarily programmatic
viii) Estimating effort hours and/or direct costs to perform the change and
ix) Estimating available schedule
d) The IT Project Manager will then print the form and associated information,
sign it, and forward to the Controller or CFO.
e) The Controller or CFO is responsible for reviewing each change request
form and approving it. The approved change request is returned to the IT
f) The IT Project Manager will then initiate the change and will oversee the
change through to completion, which includes testing and acceptance of the
change as described in the IT-FR-006 form. The IT-FR-006 change form is
then stored by the IT department along with any associated documentation.