SOX: IT Perspective
Neelabh Srivastava

    Agenda
      Background
      Facts about SOX Act
      Objective
      Section 404: Key Points
      A Burden or Opportunity
      Challenges
      SOX Benefits
      SOX Compliance Frameworks
      FAQs
      Conclusion


2    Neelabh Srivastava                         September 2012

    Background
     Two of the largest US companies went bankrupt.
     Other financial frauds followed.
     Investors lost money and faith in companies.
     Debacle in the stock market.
     The US government took action.
     The Sarbanes-Oxley Act was made law.

    Facts about SOX Act
     The Act was passed on 30 July, 2002.
     Named after its architects, US Senator Paul Sarbanes and US Representative Michael Oxley.
     Also known as SOA (Sarbanes-Oxley Act).
     Applies to publicly traded companies in the US.
     The Act consists of 11 sections.
     Known as one of the worst tech-related bills of all time.

    Objective:
     Fundamentally, Sarbanes-Oxley (SOX) requires that financial reports are based on accurate information and that the processes by which this information is collected are themselves accurate and controlled.
     Rebuilding public trust.

    Section 404: Key Points
     Refers to “Management Assessment of Internal Controls”.
     With only 180 words, this section has created a furor in various departments, including IT.
     Because IT controls financial processing and reporting, it falls within the SOX ambit.
     Effectively, it is forced implementation of best practices.
     404 is the most contentious part of SOX.

    A Burden or An Opportunity
     It’s a matter of perspective.
     Classic example of “Glass Half Empty or Half Full”.

    Challenges:
     High compliance costs.
     Segregation of duties (too few people).
     Increase in project durations.
     High administrative workload.
     Increased workload on IT staff.

    SOX Benefits:
     Standardizing/eliminating variation in the computing environment.
     Automation of manual processes.
     Identifying and addressing risks in your environment.
     Improved efficiencies through consolidation.
     Reduced operating costs.
     Reduced incidents.
     Documentation for every process/operation.

    SOX Compliance Frameworks
     COBIT (Control Objectives for Information and Related Technology)
     COSO (Committee of Sponsoring Organizations)
     ITIL (Information Technology Infrastructure Library)
     COCO (Criteria of Control)
     Turnbull Framework
     King Framework

    COSO is the most widely adopted framework in the US.

    FAQ:
     1) How often do companies need to comply with SOX: annually or quarterly?
        All publicly traded companies must comply with SOX both annually and quarterly. Section 404 is an annual evaluation of internal controls, which requires annual compliance, whereas other sections, like 302 and 906, are quarterly certification requirements.

     2) What does Section 404 mean from a practical perspective?
        In practice it depends on the external auditor to define which aspects of the overall operations they feel are material, and to what degree. It can be based on multiple criteria, including their own control objectives.

     3) If SOX is intended for financial reforms, then how did IT come into the picture?
        The thing to remember about SOX is that it is primarily focused on the accuracy of financial reporting data. IT per se is important under SOX only to the extent that it enhances the reliability and integrity of that reporting, which of course can be achieved by having full controls over IT infrastructure, change management, IT security, etc.

     4) Should non-production systems such as Dev, QA, Test, etc. be in scope for SOX?
        They might not be in the "direct" scope of SOX, but these environments certainly play a role in the change management process and other life cycles. Thus, they cannot be completely ignored.

     5) Is this ever going to finish?
        Unfortunately no; there will be an ongoing need to update and validate the processes and supporting documentation.

    Conclusion:
     The better reason to have good controls over IT and IT security, however, is not because it will make you SOX compliant, but because it will make your business more efficient, enable you to better utilize your data, and allow you to trust ALL the data, not just financial reporting data.

Más contenido relacionado

La actualidad más candente

Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
IT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentIT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentEryk Budi Pratama
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGoutama Bachtiar
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 
Compliance framework
Compliance frameworkCompliance framework
Compliance frameworkManoj Agarwal
 
COBIT 2019 Overview_v1.1.pdf
COBIT 2019 Overview_v1.1.pdfCOBIT 2019 Overview_v1.1.pdf
COBIT 2019 Overview_v1.1.pdfMartinPatrici
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsPECB
 
Cobit 2019 framework by ISACA
Cobit 2019 framework by ISACACobit 2019 framework by ISACA
Cobit 2019 framework by ISACAMDFazlaRabbiAbir
 
IT Control Objectives Framework, A Relationship Between COSO Cobit and ITIL
IT Control Objectives Framework, A Relationship Between COSO Cobit and ITILIT Control Objectives Framework, A Relationship Between COSO Cobit and ITIL
IT Control Objectives Framework, A Relationship Between COSO Cobit and ITILAlfid Ardyanto
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance frameworkCeyeap
 
Segregation of Duties
Segregation of DutiesSegregation of Duties
Segregation of DutiesPECB
 
Audit Sample Report
Audit Sample ReportAudit Sample Report
Audit Sample ReportRandy James
 
IT Governance Framework
IT Governance FrameworkIT Governance Framework
IT Governance FrameworkSherri Booher
 
Corporate Compliance Management
Corporate Compliance Management Corporate Compliance Management
Corporate Compliance Management Pavan Kumar Vijay
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Managementbanerjeerohit
 

La actualidad más candente (20)

Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 
IT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentIT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability Assessment
 
Cobit
CobitCobit
Cobit
 
Coso framework
Coso frameworkCoso framework
Coso framework
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 
IT General Controls
IT General ControlsIT General Controls
IT General Controls
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5
 
Compliance framework
Compliance frameworkCompliance framework
Compliance framework
 
COBIT 2019 Overview_v1.1.pdf
COBIT 2019 Overview_v1.1.pdfCOBIT 2019 Overview_v1.1.pdf
COBIT 2019 Overview_v1.1.pdf
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
 
Cobit 2019 framework by ISACA
Cobit 2019 framework by ISACACobit 2019 framework by ISACA
Cobit 2019 framework by ISACA
 
IT Control Objectives Framework, A Relationship Between COSO Cobit and ITIL
IT Control Objectives Framework, A Relationship Between COSO Cobit and ITILIT Control Objectives Framework, A Relationship Between COSO Cobit and ITIL
IT Control Objectives Framework, A Relationship Between COSO Cobit and ITIL
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance framework
 
Segregation of Duties
Segregation of DutiesSegregation of Duties
Segregation of Duties
 
Audit Sample Report
Audit Sample ReportAudit Sample Report
Audit Sample Report
 
IT Governance Framework
IT Governance FrameworkIT Governance Framework
IT Governance Framework
 
Corporate Compliance Management
Corporate Compliance Management Corporate Compliance Management
Corporate Compliance Management
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
 

Destacado

Sarbanes-Oxley Act 2002
Sarbanes-Oxley Act 2002Sarbanes-Oxley Act 2002
Sarbanes-Oxley Act 2002Syed Shah
 
Sarbanes-Oxley act
Sarbanes-Oxley actSarbanes-Oxley act
Sarbanes-Oxley actRizze
 
Sarbanes-Oxley Act (SOX)
Sarbanes-Oxley Act (SOX)Sarbanes-Oxley Act (SOX)
Sarbanes-Oxley Act (SOX)vinaya.hs
 
Sox Compliance Solution
Sox Compliance SolutionSox Compliance Solution
Sox Compliance Solutionguest586cf0
 
Sox In Telecom Industry
Sox In Telecom IndustrySox In Telecom Industry
Sox In Telecom IndustryMahesh Panchal
 
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?SAPinsider Events
 
sap security interview_questions
sap security interview_questionssap security interview_questions
sap security interview_questionssumitmsn2
 
Sarbanes Oxley Act
Sarbanes Oxley ActSarbanes Oxley Act
Sarbanes Oxley Actles561
 
Profiling for SAP - Compliance Management, Access Control and Segregation of ...
Profiling for SAP - Compliance Management, Access Control and Segregation of ...Profiling for SAP - Compliance Management, Access Control and Segregation of ...
Profiling for SAP - Compliance Management, Access Control and Segregation of ...TransWare AG
 
Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23Smart ERP Solutions, Inc.
 
Automating PeopleSoft Segregation of Duties: HCM and Financials
Automating PeopleSoft Segregation of Duties: HCM and FinancialsAutomating PeopleSoft Segregation of Duties: HCM and Financials
Automating PeopleSoft Segregation of Duties: HCM and FinancialsSmart ERP Solutions, Inc.
 
Grc 10 training
Grc 10 trainingGrc 10 training
Grc 10 trainingsuresh
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties SolutionsAhmed Abdul Hamed
 
SAP GRC AC 10.1 - ARM Workflows
SAP GRC AC 10.1 - ARM WorkflowsSAP GRC AC 10.1 - ARM Workflows
SAP GRC AC 10.1 - ARM WorkflowsRohan Andrews
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
 
Introduction to SAP Security
Introduction to SAP SecurityIntroduction to SAP Security
Introduction to SAP SecurityNasir Gondal
 
SAP Security important Questions
SAP Security important QuestionsSAP Security important Questions
SAP Security important QuestionsRagu M
 

Destacado (20)

Sarbanes-Oxley Act 2002
Sarbanes-Oxley Act 2002Sarbanes-Oxley Act 2002
Sarbanes-Oxley Act 2002
 
Sarbanes-Oxley act
Sarbanes-Oxley actSarbanes-Oxley act
Sarbanes-Oxley act
 
Sarbanes-Oxley Act (SOX)
Sarbanes-Oxley Act (SOX)Sarbanes-Oxley Act (SOX)
Sarbanes-Oxley Act (SOX)
 
Sox Compliance Solution
Sox Compliance SolutionSox Compliance Solution
Sox Compliance Solution
 
Sox In Telecom Industry
Sox In Telecom IndustrySox In Telecom Industry
Sox In Telecom Industry
 
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
 
sap security interview_questions
sap security interview_questionssap security interview_questions
sap security interview_questions
 
Sarbanes Oxley Act
Sarbanes Oxley ActSarbanes Oxley Act
Sarbanes Oxley Act
 
Profiling for SAP - Compliance Management, Access Control and Segregation of ...
Profiling for SAP - Compliance Management, Access Control and Segregation of ...Profiling for SAP - Compliance Management, Access Control and Segregation of ...
Profiling for SAP - Compliance Management, Access Control and Segregation of ...
 
Sarbanes Oxley Act
Sarbanes Oxley ActSarbanes Oxley Act
Sarbanes Oxley Act
 
Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23
 
Automating PeopleSoft Segregation of Duties: HCM and Financials
Automating PeopleSoft Segregation of Duties: HCM and FinancialsAutomating PeopleSoft Segregation of Duties: HCM and Financials
Automating PeopleSoft Segregation of Duties: HCM and Financials
 
Grc 10 training
Grc 10 trainingGrc 10 training
Grc 10 training
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties Solutions
 
SAP GRC AC 10.1 - ARM Workflows
SAP GRC AC 10.1 - ARM WorkflowsSAP GRC AC 10.1 - ARM Workflows
SAP GRC AC 10.1 - ARM Workflows
 
SAP grc
SAP grc SAP grc
SAP grc
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
 
Introduction to SAP Security
Introduction to SAP SecurityIntroduction to SAP Security
Introduction to SAP Security
 
SAP Security important Questions
SAP Security important QuestionsSAP Security important Questions
SAP Security important Questions
 
Practical guide for sap security
Practical guide for sap security Practical guide for sap security
Practical guide for sap security
 

Similar a SOX IT Perspective Guide

GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001IJNSA Journal
 
AN IT EXECUTIVE'S OVERVIEW
AN IT EXECUTIVE'S OVERVIEWAN IT EXECUTIVE'S OVERVIEW
AN IT EXECUTIVE'S OVERVIEWRugby7277
 
Ontology and taxonomy creation presented dc 3day
Ontology and taxonomy creation presented dc 3dayOntology and taxonomy creation presented dc 3day
Ontology and taxonomy creation presented dc 3dayBrian K. Seitz
 
8 reasons you need a strategy for managing information..before it's too late
8 reasons you need a strategy for managing information..before it's too late8 reasons you need a strategy for managing information..before it's too late
8 reasons you need a strategy for managing information..before it's too lateVander Loto
 
Cutter Journal: Surfing the SOX wave thanks to CMMi ®, 2007
Cutter Journal: Surfing the SOX wave thanks to CMMi ®, 2007 Cutter Journal: Surfing the SOX wave thanks to CMMi ®, 2007
Cutter Journal: Surfing the SOX wave thanks to CMMi ®, 2007 Laurent Janssens
 
IT Governance Security questions and answers for Dr.Sidney. I will p.docx
IT Governance Security questions and answers for Dr.Sidney. I will p.docxIT Governance Security questions and answers for Dr.Sidney. I will p.docx
IT Governance Security questions and answers for Dr.Sidney. I will p.docxcareyshaunda
 
201306 CIO NET The Value of IT Frameworks
201306 CIO NET The Value of IT Frameworks201306 CIO NET The Value of IT Frameworks
201306 CIO NET The Value of IT FrameworksFrancisco Calzado
 
Grove Ventures Shift Happens Report
Grove Ventures Shift Happens ReportGrove Ventures Shift Happens Report
Grove Ventures Shift Happens ReportLotanLevkowitz1
 
Grove Ventures Shift Happens Report
Grove Ventures Shift Happens ReportGrove Ventures Shift Happens Report
Grove Ventures Shift Happens ReportLotanLevkowitz1
 
Fast IT Mariano O'Kon, Cisco Live Cancun 2014
Fast IT Mariano O'Kon, Cisco Live Cancun 2014Fast IT Mariano O'Kon, Cisco Live Cancun 2014
Fast IT Mariano O'Kon, Cisco Live Cancun 2014Felipe Lamus
 
WEEK 1Resources Frameworks and Plenitude Please respond to t.docx
WEEK 1Resources Frameworks and Plenitude Please respond to t.docxWEEK 1Resources Frameworks and Plenitude Please respond to t.docx
WEEK 1Resources Frameworks and Plenitude Please respond to t.docxjessiehampson
 
ISO Monday Web Seminar - See A Lot By Looking
ISO Monday Web Seminar - See A Lot By LookingISO Monday Web Seminar - See A Lot By Looking
ISO Monday Web Seminar - See A Lot By Lookingafaber
 
Why Modern Systems Require a New Approach to Observability
Why Modern Systems Require a New Approach to ObservabilityWhy Modern Systems Require a New Approach to Observability
Why Modern Systems Require a New Approach to ObservabilityEnterprise Management Associates
 
The Room | Innotrain systematization
The Room | Innotrain systematization The Room | Innotrain systematization
The Room | Innotrain systematization Graphic Design Sydney
 
COBIT 5 Basic Concepts
COBIT 5 Basic ConceptsCOBIT 5 Basic Concepts
COBIT 5 Basic ConceptsSpyros Ktenas
 
SOA Course - SOA governance - Lecture 19
SOA Course - SOA governance - Lecture 19SOA Course - SOA governance - Lecture 19
SOA Course - SOA governance - Lecture 19phanleson
 
Newcastle conclusion2013
Newcastle conclusion2013Newcastle conclusion2013
Newcastle conclusion2013Lee Schlenker
 

Similar a SOX IT Perspective Guide (20)

GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001
 
AN IT EXECUTIVE'S OVERVIEW
AN IT EXECUTIVE'S OVERVIEWAN IT EXECUTIVE'S OVERVIEW
AN IT EXECUTIVE'S OVERVIEW
 
Convergence SOA & BI Presentation June 2010
Convergence SOA & BI Presentation June 2010Convergence SOA & BI Presentation June 2010
Convergence SOA & BI Presentation June 2010
 
Ontology and taxonomy creation presented dc 3day
Ontology and taxonomy creation presented dc 3dayOntology and taxonomy creation presented dc 3day
Ontology and taxonomy creation presented dc 3day
 
8 reasons you need a strategy for managing information..before it's too late
8 reasons you need a strategy for managing information..before it's too late8 reasons you need a strategy for managing information..before it's too late
8 reasons you need a strategy for managing information..before it's too late
 
Cutter Journal: Surfing the SOX wave thanks to CMMi ®, 2007
Cutter Journal: Surfing the SOX wave thanks to CMMi ®, 2007 Cutter Journal: Surfing the SOX wave thanks to CMMi ®, 2007
Cutter Journal: Surfing the SOX wave thanks to CMMi ®, 2007
 
IT Governance Security questions and answers for Dr.Sidney. I will p.docx
IT Governance Security questions and answers for Dr.Sidney. I will p.docxIT Governance Security questions and answers for Dr.Sidney. I will p.docx
IT Governance Security questions and answers for Dr.Sidney. I will p.docx
 
201306 CIO NET The Value of IT Frameworks
201306 CIO NET The Value of IT Frameworks201306 CIO NET The Value of IT Frameworks
201306 CIO NET The Value of IT Frameworks
 
Israel IT Market 2006 2008
Israel IT Market 2006 2008Israel IT Market 2006 2008
Israel IT Market 2006 2008
 
Grove Ventures Shift Happens Report
Grove Ventures Shift Happens ReportGrove Ventures Shift Happens Report
Grove Ventures Shift Happens Report
 
Grove Ventures Shift Happens Report
Grove Ventures Shift Happens ReportGrove Ventures Shift Happens Report
Grove Ventures Shift Happens Report
 
ITIL continual service improvement
ITIL continual service improvementITIL continual service improvement
ITIL continual service improvement
 
Fast IT Mariano O'Kon, Cisco Live Cancun 2014
Fast IT Mariano O'Kon, Cisco Live Cancun 2014Fast IT Mariano O'Kon, Cisco Live Cancun 2014
Fast IT Mariano O'Kon, Cisco Live Cancun 2014
 
WEEK 1Resources Frameworks and Plenitude Please respond to t.docx
WEEK 1Resources Frameworks and Plenitude Please respond to t.docxWEEK 1Resources Frameworks and Plenitude Please respond to t.docx
WEEK 1Resources Frameworks and Plenitude Please respond to t.docx
 
ISO Monday Web Seminar - See A Lot By Looking
ISO Monday Web Seminar - See A Lot By LookingISO Monday Web Seminar - See A Lot By Looking
ISO Monday Web Seminar - See A Lot By Looking
 
Why Modern Systems Require a New Approach to Observability
Why Modern Systems Require a New Approach to ObservabilityWhy Modern Systems Require a New Approach to Observability
Why Modern Systems Require a New Approach to Observability
 
The Room | Innotrain systematization
The Room | Innotrain systematization The Room | Innotrain systematization
The Room | Innotrain systematization
 
COBIT 5 Basic Concepts
COBIT 5 Basic ConceptsCOBIT 5 Basic Concepts
COBIT 5 Basic Concepts
 
SOA Course - SOA governance - Lecture 19
SOA Course - SOA governance - Lecture 19SOA Course - SOA governance - Lecture 19
SOA Course - SOA governance - Lecture 19
 
Newcastle conclusion2013
Newcastle conclusion2013Newcastle conclusion2013
Newcastle conclusion2013
 

Último

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 

Último (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 

SOX IT Perspective Guide

  • 1. SOX: IT Perspective
    Neelabh Srivastava
  • 2. Agenda
    - Background
    - Facts about the SOX Act
    - Objective
    - Section 404: Key Points
    - A Burden or an Opportunity
    - Challenges
    - SOX Benefits
    - SOX Compliance Frameworks
    - FAQs
    - Conclusion
    2 Neelabh Srivastava September 2012
  • 3. Background
    - Two of the largest US companies go bankrupt.
    - Other financial frauds follow.
    - Investors lose money and faith in companies.
    - Debacle in the stock market.
    - The US government takes action.
    - The Sarbanes-Oxley Act is made law.
  • 4. Facts about the SOX Act
    - The Act was passed on 30 July, 2002.
    - Named after its architects, US Senator Paul Sarbanes and US Representative Michael Oxley.
    - Also known as SOA (Sarbanes-Oxley Act).
    - Applies to publicly traded companies in the US.
    - The Act consists of 11 sections.
    - Known as one of the worst tech-related bills of all time.
  • 5. Objective
    - Fundamentally, Sarbanes-Oxley (SOX) requires that financial reports are based on accurate information and that the processes by which this information is collected are themselves accurate and controlled.
    - Rebuilding public trust.
  • 6. Section 404: Key Points
    - Refers to "Management Assessment of Internal Controls".
    - With only 180 words, this section has created a furor in various departments, including IT.
    - Because IT controls financial processing and reporting, IT falls within the SOX ambit.
    - Effectively, it is a forced implementation of best practices.
    - Section 404 is the most contentious part of SOX.
  • 7. A Burden or an Opportunity
    It is a matter of perspective: a classic example of "glass half empty or half full".
  • 8. Challenges
    - High compliance costs.
    - Segregation of duties (too few people).
    - Increase in project durations.
    - High administrative workload.
    - Increased workload on IT staff.
  • 9. SOX Benefits
    - Standardizing the computing environment and eliminating variation within it.
    - Automation of manual processes.
    - Identifying and addressing risks in your environment.
    - Improved efficiency through consolidation.
    - Reduced operating costs.
    - Reduced incidents.
    - Documentation for every process and operation.
  • 10. SOX Compliance Frameworks
    - COBIT (Control Objectives for Information and Related Technology)
    - COSO (Committee of Sponsoring Organizations)
    - ITIL (Information Technology Infrastructure Library)
    - COCO (Criteria of Control)
    - Turnbull Framework
    - King Framework
    COSO is the most widely adopted framework in the US.
  • 11. FAQ
    1) How often do companies need to comply with SOX: annually or quarterly?
    All publicly traded companies must comply with SOX both annually and quarterly. Section 404 is an annual evaluation of internal controls and so requires annual compliance, whereas other sections such as 302 and 906 are quarterly certification requirements.
  • 12. FAQ
    2) What does Section 404 mean from a practical perspective?
    In practice it depends on the external auditor to define which aspects of the overall operations they consider material, and to what degree. This can be based on multiple criteria, including the auditor's own control objectives.
  • 13. FAQ
    3) If SOX is intended as financial reform, how does IT come into the picture?
    The thing to remember about SOX is that it is primarily focused on the accuracy of financial reporting data. IT per se is important under SOX only to the extent that it enhances the reliability and integrity of that reporting, which of course can be achieved by having full control over IT infrastructure, change management, IT security, etc…
  • 14. FAQ
    4) Should non-production systems such as Dev, QA and Test be in scope for SOX?
    They might not be in the "direct" scope of SOX, but these environments certainly play a role in the change management process and other life cycles. Thus, they cannot be completely ignored.
  • 15. FAQ
    5) Is this ever going to finish?
    Unfortunately, no: there will be an ongoing need to update and validate the processes and their supporting documentation.
  • 16. Conclusion
    The better reason to have good controls over IT and IT security, however, is not that it will make you SOX compliant, but that it will make your business more efficient, enable you to better utilize your data, and allow you to trust ALL the data, not just financial reporting data.
  • 17. References
    - http://en.wikipedia.org/wiki/Sarbanes–Oxley_Act
    - http://en.wikipedia.org/wiki/Information_technology_controls
    - http://www.securityfocus.com/columnists/322
    - http://www.sarbanes-oxley-101.com