A discussion is provided of Sarbanes-Oxley compliance as an IT task and a business opportunity. No part of the Sarbanes-Oxley Act speaks directly to IT, but the Act's requirements involve work by IT, even though the Committee of Sponsoring Organizations (COSO) framework defines no controls specific to IT. COBIT has emerged as a standard from COSO practice and assists in translating COSO into actions that are applicable to the IT organization. In general, COBIT covers planning and organization, acquisition and implementation, delivery and support, and monitoring and evaluation. Other standards that companies may use when defining compliance controls include ITIL and Six Sigma. In addition, auditors often view the COBIT framework as a useful template when assessing the internal controls of an IT department. Similarly, general IT controls can be defined to address the areas the company identifies as crucial to its financial infrastructure. These should include financial transaction flow, the potential for fraud or data corruption, and IT infrastructure control over financial systems. Because of Sarbanes-Oxley, companies are forced to tackle the sticky issue of change management. Topics covered include four phases of graduated monitoring, closed-loop change management, and the return of auditors, which is required to demonstrate ongoing adherence and commitment.