To smooth the difficult path to regulatory-compliant IT implementations, suggestions are provided in the following areas: leadership, useful resources to consult, the role of external auditors (who under federal law cannot be assigned the role of consultant), finding suitable solutions, knowing the life of a document, gaining control over operational systems and user access, the advantages of some highlighted solutions, and times when the IT chief has to say no to management and auditors. An analyst says, "It's driving everyone batty. I hear so many IT executives complain that they can't get any definitive answers from their auditors on what to do." A company executive interviewed says it's almost a Catch-22 situation because executives must satisfy external auditors' requirements, but they can't get any information out of the auditors as to how to proceed correctly. When Energen needed to ensure Sarbanes-Oxley 404 compliance, the company's spokesman found that SAP is highly complex, and that many things cannot be done adequately by the software in the form in which it is shipped. Energen's spokesman says users should not try to implement 404 controls from inside SAP. There are many products available that can be used, however, including software from OverSight Systems and Risk Navigator from Paisley Consulting. Energen chose Approva and was satisfied with the result.