Case Study Eight: IT SOX Controls Documentation for a European Pharmaceutical Company
Summary Level
A large privately owned European pharmaceutical company with over $3 billion in revenue and limited experience with SOX compliance in the USA required audit expertise to document IT controls relative to IT operations for a division being purchased by a US company.
Details
Client’s Situation:A privately owned European pharmaceutical company with over $3 billion in revenue and limited experience with SOX compliance in the USA required audit expertise to document IT controls relative to IT operations for a division being purchased by a US company.
Accounting and Business Consultant’s Engagement Role:We were engaged to assist the IT department and the Chief Information Officer with documenting IT controls necessary for compliance with SOX.
Engagement Results:Successfully documented IT controls for SOX compliance and to mitigate risks identified surrounding the Company’s IT security including controls relating to Oracle, SAP, and EDI applications. Management was pleased with the efficiency of the risk-based approach adopted and our communication and coordination of activities during the effort, which also allowed management to properly time and plan implementation efforts with key control owners and managers.