Free Pricing | JCPenney Coupons | Pizza Hut Coupons | Home Depot Coupons
IT Controls and old SOX

IT Controls and old SOX

by Rick Turoczy on August 27, 2005

To the IT practioner, SOX is all about controls. It’s all very well having correct Processes, correct System Development Life Cycles, correct Authorisation processes and correct documentation, but if they don’t have a process for QA and review then the’re not worth anything in a control sense. First we’re going to have to take a look at what the US Securities and Exchange Commission (SEC) said in its final rules about the Sarbanes Oxley Act. The SEC more or less mandated the use of the Committee of the Sponsoring Organization of the Treadway Commission (COSO) internal control framework.

Section 404 of the SOX act addresses internal control over financial reporting, but I take the position that if you’re going to automate any form of control over your IT Systems, then you may as well do it for all your Business functions. It would be nice to give your customers the same confidence that you’re going to give your Auditors.

IT Controls and old SOX

Leave a Comment

Previous post:

Next post: