Archive for the 'implementation' Category

The Impact of Sarbanes-Oxley (SOX) Act on Information Security Governance

What do you think about the impact of SOX implementation on infosec governance? Gurpreet Dhillon and Sushma Mishra from Virginia Commonwealth University, USA, said that SOX has created challenges and set new standards for IT governance in companies. To fully comply with the law, companies will need to improve information quality to ensure transparency and […]


Four approaches to IT risk for a successful Sarbanes-Oxley implementation

There are many definitions of IT risk; below is the definition of IT risk from the Sarbanes-Oxley perspective. But first, note that every business venture is basically risky. In new business ventures and new product development, there are unknown factors, and their impacts on the venture are equally unknown. The unknown […]


What is a Walkthrough?

During Sarbanes-Oxley compliance, the auditor should perform a walkthrough of internal control. So what is a walkthrough? Michael Ramos, in his book about SOX implementation, said that a walkthrough is basically a procedure in which the auditor traces a transaction from its origination through the company’s information processing system, and all the way to its reporting in […]


How long does SOX design control take?

The first question that arises from my client after a brainstorming or preliminary meeting about Sarbanes-Oxley compliance is: How long? The SOX impact covers almost every significant application and department related to financial reporting, and since SOX implementation is quite new, this common question always comes to their mind.
Based on common practice, […]


Seven signs of a successful SOX implementation

Since the Sarbanes-Oxley Act was first enacted, there have been many stories about SOX implementation in every company. They share the same story about the happy and the sad parts of implementing the so-called Risk Control Matrices, IT General Control, and Application Control. Here are ten signs of a successful SOX implementation.
1. Number of controls implemented […]


Six questions related to SOX Section 404 implementation

Confused about implementing the SOX IT section? Here are six questions that every SOX auditor should answer:
1. Has the organization established an IT-specific internal control framework to guide its section 404 compliance activities with respect to IT?

An IT-specific internal control framework provides vital structure to an organization’s effort to develop and maintain effective internal control in its […]


I don't understand why implementing SOX is very difficult?

Taken from the discussion in 5 reasons why implementing Sarbanes Oxley Act is very very difficult. I quite agree with the explanation. Do you have any other suggestions?
For the last two years, I have been working with Sarbanes-Oxley Section 404, especially in IT general control. I have been working both in designing Risk Control Matrices […]
