Sarbanes Oxley Act (SOX) linkage to a documented QMS - Detailed Procedures Required?

RoxaneB

Super Moderator
#11
Al Rosen said:
Roxane, if your company is not traded on a US exchange, you are not affected.
We are. The reason for my grammatical tenses was that our Financial Department has not yet put things into the doc control system yet (but they do have plans to do so). Naturally, how they wish to do this, when they wish to do and what they wish to update has not yet been communicated to me.;)
 

Al Rosen

Staff member
Super Moderator
#12
RCBeyette said:
We are. The reason for my grammatical tenses was that our Financial Department has not yet put things into the doc control system yet (but they do have plans to do so). Naturally, how they wish to do this, when they wish to do and what they wish to update has not yet been communicated to me.;)
You're gonna love it!
 

Raffy

Quite Involved in Discussions
#13
Hi,
Basically from my previous company I've heard this Sarbanes Oxley. We are a TS16949 Certified company. I just would like to know, how this SOX would affect us? Was this a requirement for our finance dept? :confused: Please enlighten me.

Best regards,
Raffy
 

Wes Bucey

Quite Involved in Discussions
#14
The short answer is that SOX is a financial reporting requirement ONLY for publicly traded companies which have the shares of their company traded in the United States and thus subject to the United States Securities and Exchange Commission.

If you look at some of the ads surrounding this thread, you will see opportunities to download much more information on this subject IF your company is publicly traded in the United States - otherwise, there is no reason to concern yourself except as idle curiosity.
 

johnwalz

#17
SOX for Small and unlisted Businesses

Wes Bucey said:
The short answer is that SOX is a financial reporting requirement ONLY for publicly traded companies which have the shares of their company traded in the United States and thus subject to the United States Securities and Exchange Commission.
On the other hand, if your small and unlisted company has a quality management system with quality objectives of growth, then at some point the management will have “public” decisions to make:
  • raise public funds,
  • become listed on a stock exchange,
  • become acquired by a larger company
In these public cases, your company's financial records and controls will be scrutinized for accuracy and transparency. This is where the Sarbanes-Oxley (SOX) discipline is required.
Why not start today with accurate and transparent operational records for the finance and accounting departments to summarize for top management and the board of directors?
 

neocorsten

#18
Re: Sarbanes Oxley Act (SOX) linkage to a documented QMS - Detailed Procedures Requir

I am about to try to integrate the 2 in the QMS for my company. I do agree with a lot of what has been said in the pro of merging the stds and in the cons of doing so.

To summarize a bit

CONS
Merging both can:
  • increase confusion during audit
  • REALLY frighten the Finance and Quality guys and will require some education
  • lead to a bad SOX implementation and also bad QMS design (and that is where I am looking forward to see a more flexible QMS but the coming revision should deal with it.... somewhere btw 2008 and 2010...)

PROS
Merging both will:
  • make a lot of sense in the systemic process approach
  • considerably improve the updating process
  • save a lot of time
  • help the six sigma initiatives
  • improve the leadership because of the roles and responsibilities that have to be defined AND applied with DISCIPLINE.

Forget about the QMS, forget about SOX. What does make sense? Having a clear process structure, well defined with appropriate controls and measurements. In Six Sigma, you need to have the current process, you need to have sound measurements, and you should be able to control.
Do we make a distinction between Finance and the shop floor? No (otherwise you've understood nothing about six sigma). They are processes with inputs and outputs and they have risks and you should have controls to cover them. SOX risks are not only in the Finance department. They are in almost all the functions, on many different processes.

Now if you want to describe twice how you define the processes in your company, how you control and measure them, that is your choice, but it makes sense to have one document that just says this is our process design framework with:
  • the process itself (flowchart+narrative with RACI/description step by step/controls/KPI/...)
  • SOX RCM linked to the process (flowchart and narrative)
  • QMS Control plan (the classic control plan)
  • Audits for both RCM and QMS Control plan
  • Measurements (strategic planning that flows down to procedure level. Six Sigma Y=f(X) basic tool)

And I don't see what in the QMS will be an issue in doing that. And if you struggle, feel free to add a section. After all, you won't suffer from being better than the simple QMS requirements.
 

Camit0212

#19
Re: Sarbanes Oxley Act (SOX) linkage to a documented QMS - Detailed Procedures Requir

Hi,

I am just new on this forum...

I tried to search regarding SOX compliance as how it could be integrated to QMS and found this thread. Although my question may not be directly related to the topic being discussed in this thread... My initial question so far is that, if we are certified to ISO 9001:2000 and implementing the SOX at the same time - do we need to mention that our company is also implementing controls for SOX compliance in our Quality Manual? Because as I could classify it - SOX may be under the regulatory compliance that our company should be compliant with (since our mother company is publicly listed in New York Stock Exchange). Thus, does it make sense that we mention it in our Quality Manual?

Please advise... Thanks!!!
 

neocorsten

#20
Re: Sarbanes Oxley Act (SOX) linkage to a documented QMS - Detailed Procedures Requir

It depends, if you have to be registered in ISO9001 (because this is not mandatory, not all companies are) then SOX controls come under the QMS in theory. In reality, ISO9001 auditors are not supposed to validate that the company is in compliance with all the regulatory norms and laws. You can't ask an ISO9001 auditor to be a SOX expert or have expertise in any other specific domain.

If you are running a QMS, the knowledge management part of it (document control) can be used to link business processes with the SOX requirements by providing a standard framework.

I would probably not mention SOX in the Quality Manual (or Business Policy Manual) and it is not a requirement of the standard. If you want to mention it you can. I would rather create a procedure or a guideline document which would set a framework to maintain the SOX compliance on your site. Hope it helps.
 