SarbanesOxleyFocus.com

June 13, 2010

ITIL Maturity Assessment Report Templates

Filed under: framework, implementation, sarbanes oxley — admin @ 5:17 pm

Download free ITIL (Information Technology and Infrastructure Library) Maturity Assessment Report Templates. This template could be used as part of your SOX/Sarbanes Oxley assessment for IT readiness.

This ITIL Assessment Report focuses on ITIL areas such as Service Desk, Incident Management, Problem Management, Change Management, and Service Level Management. The results of this report, which contain the observations and findings, are explained below, such as: (more…)


February 28, 2009

Top 13 Electronic Data Interface (EDI) Security Risks

Filed under: design, download, implementation — admin @ 4:58 am

1. Loss of business continuity/going-concern problem. Inadvertent or deliberate corruption of EDI-related applications could affect every EDI transaction entered into by an organization, impacting customer satisfaction, supplier relations, and possibly business continuity eventually.

2. Loss of confidentiality of sensitive information. Sensitive information may be accidentally or deliberately divulged on the network or in the mailbox storage system to unauthorized parties including competitors.

3. Increased exposure to fraud. Access to computer systems may provide an increased opportunity to change the computer records of both a single organization and that of its trading partners by staff of the trading parties or by third-party network

4. Manipulation of payment. A situation where amounts charged by or paid to suppliers are not reviewed before transmission. Therefore, there is a risk that payments could be made for goods not received, payment amounts could be excessive, or duplicate payment could occur. (more…)


February 6, 2009

Six key activities of good IT risk management

Filed under: article, control, implementation — admin @ 5:17 pm

1. Set responsibility for IT risk management.
2. Set objectives and define risk appetite and tolerance.
3. Identify, analyse and describe risk.
4. Monitor risk exposure.
5. Treat IT risk.
6. Link with existing guidance to manage risk.

Developing good IT risk management is a key to successful Sarbanes Oxley implementation, and listed above are the six basic activities that support it.


January 18, 2009

Impact of Third-Party Services on Sarbanes-Oxley Compliance

Filed under: implementation, methodology, policy — admin @ 9:57 pm

Controls surrounding third-party services should ensure that roles and responsibilities of third parties are clearly defined, adhered to, and continue to satisfy requirements. Control measures are aimed at reviewing and monitoring existing contracts and procedures for their effectiveness and compliance with organization policy. The dissolution of a major contract could have significant impact on financial reporting. Thus it would fall within the guidelines for disclosure by the company officers.

During an audit, organizations will often contend that they are not responsible for a given control because either the function is outsourced or the software was purchased from and maintained by a third party. According to legislative guidelines, a company can outsource a service but not the responsibility for control of that service. It is next to impossible for a company to outsource problems and expect the problems to go away.

Documentation of the third-party controls is required for attestation by the independent auditor, so an assessment must determine the effectiveness and completeness of the service organization’s internal controls. If SAS 70 or similar audit opinions do not include controls testing, results of the testing, and the third-party service auditor’s opinion on control effectiveness, the reports are not sufficient for Sarbanes-Oxley compliance. Companies should be sure to note whether the specific environment, platforms, and applications used in fulfillment of the outsourced services are covered by the SAS 70 (or similar audit) reports. (more…)


SOX vs JSOX vs Bill 198 vs Clerp 9: Global SOX versions around the world

Filed under: control, framework, implementation — admin @ 9:56 pm

Everyone talks about Sarbanes-Oxley (SOX), but it’s certainly not the only law shaping governance today. Numerous countries have enacted legislation to improve governance. As with the United States, many of these countries have passed legislation in response to the outcry over corporate scandals. Although they differ by name, the laws passed by various countries have similarities, namely with regard to establishing internal controls and effecting improved financial reporting:

Japan: J-SOX:

On June 7, 2006, Japanese legislators passed the Financial Instruments and Exchange Law, part of which includes the so-called J-SOX requirements. The two main components of the J-SOX legislation are the “Evaluation of and Reporting on Internal Control for Financial Reports,” which forces management to assume responsibility for developing and operating internal controls, and the “Audit of Internal Control for Financial Reports,” in which a company’s external auditor, aside from its regular auditing duties, must conduct an audit of management’s evaluation of the effectiveness of internal control for financial reports. The J-SOX requirements took effect starting in April 2008.

Canada: Bill 198:

Bill 198, also known as CSOX, became effective on October 1, 2003. Its formal name is “Keeping the Promise for a Strong Economy Act (Budget Measures), 2002.” This bill requires companies to “[create and] maintain a system (more…)

