US stock exchange regulation requires compliance with SOX, so Arch Reinsurance, being a publicly held company, needs to follow the act. The IT manager for Arch Reinsurance considers automation to be a successful approach to SOX compliance. The company employs limited staff and resources; to compensate, it maintains proper internal controls by automating its control procedures. Like many other companies, Arch Reinsurance Ltd has also spent a hefty amount on its SOX-related compliance proposal. According to the IT manager of Arch Reinsurance Ltd, it would have been really difficult for the company to sustain SOX compliance without automation. For him, the vital area of concern was controlling access to financial systems and other applications. This is done by keeping a proper log and change management system: a record is kept of every log-in, every log-out and every possible activity performed by staff in the system. Proper security is also maintained to ensure that only authorized personnel can log in to the system. The manager and his staff review the daily reports produced by the data center monitoring tools. These reports are later presented to SOX auditors during compliance testing. As at every company, complying with SOX has been expensive and time-consuming at Arch Reinsurance Ltd.
Though the staff is limited in number, the control procedures followed at the company decrease its vulnerability to internal control failures. The procedures followed are quite extensive, as the IT manager has abundant knowledge of the company's data center operations. The main theme is to strengthen the internal control systems by automating the procedures and activities at Arch Reinsurance Ltd.
While conducting an audit, the auditor should identify the control procedures to avoid any material