« Simple explanation about Sarbanes Oxley
Top 7 Sarbanes Oxley Benefit »

Six IT Controls Required for Sarbanes-Oxley Compliance

To date, the PCAOB and external auditors reviewing compliance with Sarbanes-Oxley have been attentive primarily to security, change management, and problem management. A key focus for the audit is integrity of the technology infrastructure for processing, storage, and communication of financial data. This is especially true when financial reports are generated from a data warehouse fed by multiple accounting and business operation systems.

Ownership of IT controls may be unclear, especially for application controls. Therefore, the audit in each area must integrate automated and manual controls at the business-process level.

In general, the following IT controls must be documented and evaluated as effective in order to be in compliance with Sarbanes-Oxley requirements:
1. IT security
2. Change control
3. Data management
4. IT operations
5. Network operations
6. Asset management

Source: IT Auditing: Using Controls to Protect Information Assets by Chris Davis 2007

Popularity: 17% [?]

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • StumbleUpon
  • Digg
  • del.icio.us
  • Technorati
  • Sphinn
  • Facebook
  • Mixx
  • Google
  • blinkbits
  • BlinkList
  • NewsVine

This entry was posted on Sunday, January 25th, 2009 at 3:54 am and is filed under control, methodology, policy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply