From SOX to Compliance Documentation

Why does the way from the SOX-Act wording to procedure documentation cause so many a headache? Surely, with the request for Compliance Documentation the SOX-Act  confronts the enterprises with an unusual task: Departments normally concerned with accounting, controlling, IT and others  quite on a sudden have to deal  with  technology, law, risk management, the internal control system and so forth.

Keeping records of your internal business procedures seems to be a simple task. Everything was put in place long ago. But now it’s different. You have to ascertain integrity, prove reliability covering the whole range from basic bookkeeping events to balance data reported. The SOX text itself is professional law:  definitions are in place, everything is strict and stringent and focuses primarily on management responsibility. You are referred back to GAAP, IAS, the IT Governance Institute etc.

The problem cannot be resolved by analysing SOX and the sources referred to.  It stems from the underestimation of the task of documenting complex procedures and objects; in simple words: nobody was or is able to give us a documentation standard! Established principles and standards everywhere, but when is comes to documentation all you find is big clouds like this one. It comes from a good source. Read it carefully and you will find no help at all!

SOXWe understand the “documentation” to be the structured arrangement of picture/graphic and text objects (letting video and sound aside). This compound is intended to give an abstract, but reliable and understandable image of the constantly changing reality of the accounting and IT universe; This arrangement of “documentation objects” cannot be carried out without a model – at all; a model that complies with human gnostics easing the process of understand by abstraction. The information contents are to be conveyed to the reader’s mind fast – and find his approval.