A SAS-70 (Statement Auditing Standards 70) is an audit that must be conducted by a public accounting firm, and the team that performs the audit must be made up of and supervised by CPAs. That being said, many firms require SAS-70s to be performed because they process financial transactions on behalf of other institutions.
The SAS-70 is a specialized report format that was developed by the American Institute of Certified Public Accountants (AICPA). The format was specifically targeted at determining the adequacy of an organization’s internal controls as part of its service offering. The report covers the following areas:
- Physical security (more…)
1. Personal Gantt chart. Renders Gantt views such as those in Microsoft Project to outline each team member’s own tasks across multiple projects.
2. Task delegation. Once assigned by the project manager, tasks may be delegated from team leaders to team members or from peer to peer. The delegation feature can also be disabled if desired.
3. View nonworking time. Team members can report nonworking time to the project manager, such as vacation or sick leave, and also report work time that cannot be devoted to the project. (more…)
What does SOX need to know about IT infrastructure? It doesn’t have any relation to data integrity, does it?
One of my friends keeps asking me about IT infrastructure control in Sarbanes-Oxley compliance. He’s confused about why a compliance regulation released by the government should control the IT infrastructure. “SOX is about financial reporting data integrity, so what is the relationship with IT infrastructure?” he said.
Based on guidance released by ISACA, SOX actually does need to review the IT infrastructure. The control statements are:
“Controls provide reasonable assurance that technology infrastructure is acquired so that it provides the appropriate platforms to support financial reporting applications”
At a practical level, this means that every change or development in infrastructure should be controlled, approved, monitored and tested, the same as in the application development lifecycle.
So if your company has an SDLC (System Development Life Cycle) for application development, then the company should also prepare an SDLC for IT infrastructure, in this case for operating systems and databases. IT infrastructure controls are usually available for capacity management, capacity planning and capacity growth.
So do you have any experience with infrastructure acquisition and maintenance? The common problems in implementing this control are usually: (more…)