SarbanesOxleyFocus.com

January 18, 2009

Sarbanes-Oxley’s Impact on IT Departments

Filed under: checklist, control, design — admin @ 9:59 pm

For most organizations, IT services are now a vital part of the financial reporting process. These applications and services support the creation, storage, processing, and reporting of financial transactions. Therefore, Sarbanes-Oxley compliance also must include controls for the use of technology in data handling, processing, and reporting. General computing controls thus are critical to the overall financial reporting process in ensuring data integrity and secure operations. IT departments now must formally address the design, documentation, implementation, testing, monitoring, and maintenance of IT internal controls.

The CEOs and CFOs look to the information services department to ensure that the general and specific internal controls for all applications, data, networking, contracts, licenses, telecommunications, and physical environment are documented and effective. Overall risk and control considerations are assessed at the departmental level of information services and then at the entity level. Entity-level review may vary depending on the following questions:

How large is the organization?
Are key functions outsourced?
What is the division of process and responsibilities for geographically dispersed locations?
How are the control responsibilities split among user groups, IS functions, and third-party providers?
How is the strategy for IS (both application and infrastructure) developed, documented, and managed?

To date, audits have found that the primary weaknesses among corporations are consistency, documentation, and communication. A given group within IS may believe that its strategy, tactical procedures, and applications are well controlled. However, communication with other groups may be lacking to the point that no one group knows what the other is doing. One of the most common deficiencies in organizations is the lack of a comprehensive strategic plan concerning how IT can best serve the overall business objectives. Together, these omissions lead to weak security and an uncontrolled or inconsistent architecture.

Source: IT Auditing: Using Controls to Protect Information Assets by Chris Davis 2007
