Mapping of the IT control for Sarbanes-Oxley, Cobit and PCAOB
A high-level mapping of the IT control objectives for Sarbanes-Oxley described in this document, IT general controls identified by the PCAOB and the COBIT 4.0 processes.
These 12 controls are: acquire and maintain application software, Acquire and maintain technology Infrastructure, Enable operations, Install and accredit solutions and changes, Manage changes, Define and manage service levels, Manage third-party services, Ensure systems security, Manage the configuration, Manage problems and incidents, Manage data, Manage the physical environment and operations
| Mapping to PCAOB IT General Control | ||||||
| No | IT Control Objectives for Sarbanes-Oxley | Mapping to Cobit | Program Development | Program Changes | Computer Operation | Access Control |
| 1 | Acquire and maintain application software | AI2 |
x
|
x
|
x
|
x
|
| 2 | Acquire and maintain technology Infrastructure | AI3 |
x
|
x
|
x
|
|
| 3 | Enable operations | AI4 |
x
|
x
|
x
|
x
|
| 4 | Install and accredit solutions and changes | AI7 |
x
|
x
|
x
|
x
|
| 5 | Manage changes. | AI6 |
x
|
x
|
||
| 6 | Define and manage service levels. | DS1 |
x
|
x
|
x
|
x
|
| 7 | Manage third-party services | DS2 |
x
|
x
|
x
|
x
|
| 8 | Ensure systems security. | DS5 |
x
|
x
|
x
|
x
|
| 9 | Manage the configuration. | DS9 |
x
|
x
|
||
| 10 | Manage problems and incidents. | DS8, DS10 |
x
|
|||
| 11 | Manage data | DS11 |
x
|
x
|
||
| 12 | Manage the physical environment and operations | DS12, DS13 |
x
|
x
|
||
Popularity: 43% [?]
