http://www.sarbanesoxleyfocus.com SOX Section 404 Download Resources Sat, 18 Sep 2010 09:52:46 +0000 http://backend.userland.com/rss092 en A SAS-70 (Statement Auditing Standards 70) is an audit that must be conducted by a public accounting firm, and the team that performs the audit must be made up of and supervised by CPAs. That being said, many firms require SAS-70s to be performed because they process financial transactions on ... http://www.sarbanesoxleyfocus.com/what-is-sas-70-report/ Some of direct or indirect benefits of ITIL/ITSM for Sarbanes Oxley (SOX) 404: 1. Sarbanes Oxley Act or SEC give no clear guidance for IT, so most of the CIO will enable the IT Infrastructure Library (ITIL), to ensure that their processes for supporting financial data are sound. 2. Sarbanes Oxley Act ... http://www.sarbanesoxleyfocus.com/itilitsm-benefits-for-sarbanes-oxley-sox-404/ Download Free ITIL (Information Technology and Infrastructure Library) Maturity Assessment Report Templates. This Template could be used as part of your SOX/Sarbanes Oxley Assessment for IT Readiness This ITIL Assessment Report focusing on ITIL area such as: Service Desk, Incident Management, Problem Management, Change Management, and Service Level Management. The result ... http://www.sarbanesoxleyfocus.com/itil-maturity-assessment-report-templates/ Download free Taxation Testing Control Matrix and SOD Templates. This templates covers Major process in Taxation cycle which are: - Verification of Income Tax - Verification of Accuracy of Tax Calculation - Review and Ensure the the Tax Calculation is follow the standards Segregation of Duties between: - Authorization - Custody of Assets - Recording - Control Activity This ... http://www.sarbanesoxleyfocus.com/taxation-testing-control-matrix-and-sod-templates/ Download Free Legal Checklist for IT Service Provider. This checklist could be used for Law, Legal and Compliance requirements related with the IT Service Provider 1. Incorporation/Partnership Documents 2. Financial Documents 3. Financing Documents 4. Process for Handling Customer Contracts 5. Process for Handling Vendor/Supplies Contracts 6. Legal Terms and Condition - Standard Forms - Service Levels - Third-Party ... http://www.sarbanesoxleyfocus.com/legal-checklist-for-it-service-provider/ Download Free IT Risk Mitigation Templates for Sarbanes Oxley compliances purpose or others related Regulatory Compliance that require an IT Risk Mitigation, this template is created using NIST-SP 800:30 standard for Risk Management Guide for Information Technology Systems. Including Prioritize Actions, Evaluate Recommended Control Options, Conduct Cost-Benefit Analysis, Select Control, ... http://www.sarbanesoxleyfocus.com/download-free-it-risk-mitigation-templates/ Download free IT Risk Assessment Template, this template give you simple guidance how to measure impact and likelihood for your IT Risk Management. Risk assessment is a step in a risk management process. Risk assessment is the determination of quantitative or qualitative value of risk related to a ... http://www.sarbanesoxleyfocus.com/it-risk-assessment-template-free-download/ Segregation of Duties should be enacted properly especially in the area that having a high risk level. Below sample of the SOD Matrix template that can be used to make your own segregation of duties matrix. Some of the key profile that covered in this templates are: Accounts Payable, Check ... http://www.sarbanesoxleyfocus.com/segregation-of-duties-template-free-download/ 1. Loss of business continuity/going-concern problem. Inadvertent or deliberate corruption of EDI-related applications could a. ect every EDI transaction entered into by an organization, impacting customer satisfaction, supplier relations, and possibly business continuity eventually. 2. Loss of confidentiality of sensitive information. Sensitive information may be accidentally or deliberately divulged on the ... http://www.sarbanesoxleyfocus.com/top-13-electronic-data-interface-edi-security-risk/ 1. Weak security 2. Unauthorized access to data 3. Unauthorized remote access 4. Inaccurate information 5. Erroneous or falsified data input 6. Misuse by authorized end users 7. Incomplete processing 8. Duplicate transactions 9. Untimely processing 10. Communications system failure 11. Inadequate training 12. Inadequate support http://www.sarbanesoxleyfocus.com/top-12-application-control-risk-and-what-could-go-wrong-wcgw/