LKBrwn_DBA,

Sarbanes Oxley revolves around internal controls. In other words you have to prove to auditors that your company has controls in place to protect investors from material misstatements that could appear in financial statements. As for the company I work for, they have an internal control that is related to access rights to an area where Discoverer reports are saved. In other words, various Discoverer reports have been presented to auditors, they have approved the company's financials based upon the analytical content of these reports as well as other information. The company wants restricted access to this directory or area to ensure that a person does not make a misstake and modify a report in this directory. This is what has been explained to me by management.

The issue revolves around security over the existing Discoverer reports not the data that the reports were based upon.

God Bless.