Compliance School

SOX, security standards and building a compliance framework

Requires Free Membership to View

Compliance with the Sarbanes-Oxley Act (SOX) is a major part of today's corporate culture. The threat of non-compliance, its financial headaches, and worse yet, the spectre of legal penalties to the highest levels of a corporation, appear to have achieved one of the Act's goals. Organizations take compliance very seriously.

Not surprisingly, this pressure on corporate executives flows downhill and projects a significant burden on finance departments and IT. However, while corporate finance groups may have a relatively easy time understanding the checks, balances and documentation required to prove accurate accounting, they do not typically understand the impact of IT controls on these activities. Worse yet, the rank and file of IT departments typically do not deeply involve themselves in corporate business practices, instead focusing on the operation of systems rather than their role in accurate reporting. The disjoint nature of the two disciplines is counter to the requirements of SOX. Both IT and corporate finance need to work together to ensure and demonstrate that financial, corporate and technological controls work effectively to provide accurate financial reporting.

One of the most important elements of SOX compliance is providing evidence that the financial applications and supporting systems and services are adequately secured to ensure that financial reports can be trusted. This places a special burden on IT security departments. They need to understand which systems, services and processes need to be controlled, which aspects of security are most critical to compliance and what it takes to demonstrate that their company is in compliance.

This article provides a brief introduction to dealing with the challenges that face IT security, including:

Home: Introduction
 Step 1: Understanding compliance -- Financial and technical standards
 Step 2: Scope of compliance
 Step 3: Establishing an IT Control Framework
 Step 4: Detailed objectives and policies
 Step 5: Measuring compliance
 Step 6: Managing and tracking compliance
 Step 7: The changing nature of compliance

This was first published in February 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: