1. Set responsibility for IT risk management.
2. Set objectives and define risk appetite and tolerance.
3. Identify, analyse and describe risk.
4. Monitor risk exposure.
5. Treat IT risk.
6. Link with existing guidance to manage risk.
Developing good IT risk Management is a key to successful Sarbanes Oxley Implementation, and above all the basic six activities that support them.
Popularity: 11% [?]
1. According to a McKinsey Study, investors in North America and Western Europe will pay a premium of 14 percent for companies with good governance
2. The difference in stock market value for companies that had good internal controls versus those that did not is 33 percent.
3. AMR Research predicted that companies would spend $29.9 billion on compliance initiatives in 2007 alone, up 8.5 percent from the previous year, indicating that GRC spending continues to grow as companies cope with the myriad challenges in this area. (more…)
Popularity: 22% [?]
1. Depositing cash and reconciling bank statements
2. Approving time cards and distributing paychecks
3. Preparing an order and changing a billing document
4. Changing an order and creating a delivery
5. Creating a journal entry and opening a closed accounting period
6. Creating general ledger accounts and posting journal entries
7. Maintaining accounts receivable master data and posting receipts
8. Maintaining bank account information and posting payments
9. Maintaining assets and creating a goods receipt (more…)
Popularity: 19% [?]
1. A better control environment, where executives set the tone for ethical behavior and employees follow suit
2. Facing the mountain of documentation required by SOX means making improvements to procedures and employees’ understanding of these procedures
3. The Audit Committee takes its role seriously
4. Functions converge, processes become streamlined and standardized
5. The reduction of needless complexity (more…)
Popularity: 13% [?]
To date, the PCAOB and external auditors reviewing compliance with Sarbanes-Oxley have been attentive primarily to security, change management, and problem management. A key focus for the audit is integrity of the technology infrastructure for processing, storage, and communication of financial data. This is especially true when financial reports are generated from a data warehouse fed by multiple accounting and business operation systems.
Ownership of IT controls may be unclear, especially for application controls. Therefore, the audit in each area must integrate automated and manual controls at the business-process level. (more…)
Popularity: 16% [?]
Powered by WordPress