
Segregation of duties should be enforced properly, especially in areas with a high risk level. Below is a sample SOD matrix template that can be used to build your own segregation of duties matrix. Some of the key profiles covered in this template are: (more…)
1. Weak security
2. Unauthorized access to data
3. Unauthorized remote access
4. Inaccurate information
5. Erroneous or falsified data input
6. Misuse by authorized end users
7. Incomplete processing
8. Duplicate transactions
9. Untimely processing
10. Communications system failure
11. Inadequate training (more…)
For most organizations, IT services are now a vital part of the financial reporting process. The applications and services support creation, storage, processing, and reporting of financial transactions. Therefore, Sarbanes-Oxley compliance also must include controls for the use of technology in data handling, processing, and reporting. General computing controls thus are critical to the overall financial reporting process in ensuring data integrity and secure operations. IT departments now must formally address the design, documentation, implementation, testing, monitoring, and maintenance of IT internal controls.
The CEOs and CFOs look to the information services department to ensure that the general and specific internal controls for all applications, data, networking, contracts, licenses, telecommunications, and physical environment are documented and effective. Overall risk and control considerations are assessed at the departmental level of information services and then at the entity level. Entity-level review may vary depending on the following questions: (more…)

Below are the top 10 tips for building effective application controls, whether for your information system audit, your Sarbanes-Oxley audit, or just to improve your internal application security controls:
1. Apply defense-in-depth.
2. Use a positive security model.
3. Fail safely.
4. Run with least privilege.
5. Avoid security by obscurity.
6. Keep security simple. (more…)

This form summarizes the nature and timing of the involvement of the company’s principal executive officer and its principal financial officer in the company’s process for assessing internal control effectiveness.
Project Planning
1. Review the composition of the project team and satisfy yourself that
a. The team as a whole has the skills to perform the work competently.
b. The project manager has sufficient status within the company to ensure sufficient internal control testing coverage and adequate consideration of, and actions on, the findings and recommendations of the individuals performing the testing.
source: SOX Implementation Toolkit, Michael Ramos