January 18, 2005
IT Critical to Sarbanes-Oxley Success
IT managers are involved in SOX whether they thought so in the beginning or not. Security and fraud prevention are key responsibilities in IT. They are also key to an effective Sarbanes-Oxley review.
An excerpt from an article on this topic:
"Put another way, your job will be to document IT processes for computer operations, application development and maintenance, change control, as well as access to programs and data.
...Once the team finishes documenting the company's processes, it's time to start the identifying control activities and assessing control design, control effectiveness, and anti-fraud controls. To help wrap your brain around the meaning of those controls, here's a brief overview of assessment and testing.
The assessment and testing process is a two-step course of action. Test plans can only be created after control activities have been identified. At the outset, a company needs to identify its objectives, risks, and control activities for each process.
After the company's objectives are identified, IT can create test plans to assess the effectiveness of these control activities." For the complete article, click here.
For help in your Sarbanes-Oxley review project, see www.issuescentral.com to learn more about Sarbanes-Oxley Compliance Playbook(tm).
An excerpt from an article on this topic:
"Put another way, your job will be to document IT processes for computer operations, application development and maintenance, change control, as well as access to programs and data.
...Once the team finishes documenting the company's processes, it's time to start the identifying control activities and assessing control design, control effectiveness, and anti-fraud controls. To help wrap your brain around the meaning of those controls, here's a brief overview of assessment and testing.
The assessment and testing process is a two-step course of action. Test plans can only be created after control activities have been identified. At the outset, a company needs to identify its objectives, risks, and control activities for each process.
After the company's objectives are identified, IT can create test plans to assess the effectiveness of these control activities." For the complete article, click here.
For help in your Sarbanes-Oxley review project, see www.issuescentral.com to learn more about Sarbanes-Oxley Compliance Playbook(tm).
