How to choose the right SOX framework and methodology?

Since many frameworks and methodologies are available, a company should choose the ones that suit it. As guidance in making that choice, the framework:

1. Must be directed at the right target (more value from IT)
Since the target is SOX compliance, using COBIT for SOX is sometimes more useful than using ISO 27001, for example. Management should measure effectiveness using an approach based on the right target.

2. Must help to set the appropriate priorities
The priorities for SOX compliance are significant transactions. The chosen framework should be able to give more attention to significant transactions or activities. Selecting the appropriate priorities can also be confusing, since there are many interests among different departments.

3. Must be easy to use without requiring people to manipulate the system
The framework must be easy for people from different departments to understand. It should also help fulfill people's aspirations for IT.

4. Must link strategy to desirable behavior
People's behavior is another important issue that will arise from the implementation of an IT framework and methodology.

5. Must fit inside your complete organizational management
Synergy with other organizational management must be developed. If the organization has already implemented an organizational framework, it should be aligned with the IT framework and methodology used.

Do you have any other stories or opinions on choosing the right framework and methodology for your company? Please share them with us.
