As we mentioned, COSO is the de facto internal control framework associated with Sarbanes-Oxley. Therefore, COBIT...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is a natural choice for the IT Control Framework. The COBIT Framework is a set of 34 high-level control objectives organized into the four areas described in the financial and technical standards section.
About Compliance School
In Compliance School, guest instructor Richard Mackey shows you exactly what you need to do to meet regulations' ongoing demands and arms you with actionable items to ensure your business remains continuously compliant. Best of all you can attend any of the following on-demand lessons when it's most convenient for you:
The diagram above shows the 34 high-level control objectives and their relationship to the four areas. While a majority of the controls have elements that are important in SOX compliance, a number of the high-level objectives stand out.
In the area of Planning and Organization:
- Determine the information architecture
- Define the IT organization and relationships
- Ensure compliance with external requirements
- Assess risks
Virtually all of the elements of Acquisition and Implementation:
- Acquire and maintain application software
- Acquire and maintain technology infrastructure
- Develop and maintain procedures
- Install and accredit systems
- Manage changes
Many of the elements of Delivery and Support:
- Ensure systems security
- Educate and train users
- Manage the configuration
- Manage problems and incidents
- Manage data
- Manage facilities
- Manage operations
And all of the elements associated with Monitoring:
- Monitor the processes
- Assess internal control adequacy
- Obtain independent assurance
- Provide for independent audit
Using these objectives, COBIT recommends organizations follow a plan, do, check, correct cycle. This philosophy, if followed, will help to improve the effectiveness of IT operations and, at the same time, help an organization achieve SOX compliance.
- Home: Introduction
- Step 1: Understanding compliance -- Financial and technical standards
- Step 2: Scope of compliance
- Step 3: Establishing an IT Control Framework
- Step 4: Detailed objectives and policies
- Step 5: Measuring compliance
- Step 6: Managing and tracking compliance
- Step 7: The changing nature of compliance