SarbanesOxleyFocus.com

February 28, 2009

Top 13 Electronic Data Interface (EDI) Security Risks

Filed under: design, download, implementation — admin @ 4:58 am

1. Loss of business continuity/going-concern problem. Inadvertent or deliberate corruption of EDI-related applications could affect every EDI transaction entered into by an organization, impacting customer satisfaction, supplier relations, and possibly, eventually, business continuity.

2. Loss of confidentiality of sensitive information. Sensitive information may be accidentally or deliberately divulged on the network or in the mailbox storage system to unauthorized parties including competitors.

3. Increased exposure to fraud. Access to computer systems may provide an increased opportunity to change the computer records of both a single organization and that of its trading partners by staff of the trading parties or by third-party network

4. Manipulation of payment. A situation where amounts charged by or paid to suppliers are not reviewed before transmission. Therefore, there is a risk that payments could be made for goods not received, payment amounts could be excessive, or duplicate payment could occur. (more…)


January 18, 2009

Sarbanes-Oxley’s Impact on IT Departments

Filed under: checklist, control, design — admin @ 9:59 pm

For most organizations, IT services are now a vital part of the financial reporting process. The applications and services support creation, storage, processing, and reporting of financial transactions. Therefore, Sarbanes-Oxley compliance must also include controls for the use of technology in data handling, processing, and reporting. General computing controls are thus critical to the overall financial reporting process in ensuring data integrity and secure operations. IT departments must now formally address the design, documentation, implementation, testing, monitoring, and maintenance of IT internal controls.

The CEOs and CFOs look to the information services department to ensure that the general and specific internal controls for all applications, data, networking, contracts, licenses, telecommunications, and physical environment are documented and effective. Overall risk and control considerations are assessed at the departmental level of information services and then at the entity level. Entity-level review may vary depending on the following questions: (more…)


Basel II Capital Accord versus Sarbanes Oxley Act

Filed under: control, design, sarbanes oxley — admin @ 9:53 pm

Because of European corporate scandals comparable with those in the United States, the EU Commission is imposing similar requirements for improvement in auditing standards, oversight, and responsibilities by creating directives related to corporate governance, transparency, audit, accounting standards, and information services. A major difference is that the U.S. Sarbanes-Oxley Act carries fines and criminal sanctions, whereas the EU Commission does not recommend that level of enforcement.

Although the Sarbanes-Oxley legislation originated in the United States, there are ramifications for companies headquartered in other countries. Emerging European professional standards such as those established by the International Accounting Standards Board and the Basel II Capital Accord also will affect many multinational companies. (more…)


September 22, 2008

List of Log Reports Required by SOX 404

Filed under: control, design, reporting — admin @ 1:56 am

List of log reports required by SOX 404:

- User Logon/Logoff report: Sec 302 (a)(4)(C) and (D), log-in/log-out monitoring
- Logon failure report
- Audit Log Access report
- Object Access report
- System Event report
- Account Management report: Sec 302 (a)(6)
- Audit policy changes: Sec 302 (a)(5)
- User/Application/Directory or file access: Sec 302 (a)(5)


August 1, 2008

Download IT Control Objectives for Sarbanes Oxley Act Section 404

Filed under: design, download — admin @ 7:39 pm


This publication provides CIOs, IT managers, and control and assurance professionals with scoping and assessment ideas, approaches and guidance in support of the IT-related Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control objectives for financial reporting. Enhancements include:

  • Focus on scoping and assistance in performing an IT risk assessment for (more…)
