Step 2: Scope of compliance

About Compliance School In Compliance School, guest instructor Richard Mackey shows you exactly what you need to do to meet regulations' ongoing demands and arms you with actionable items to ensure your business remains continuously compliant. Best of all you can attend any of the following on-demand lessons when it's most convenient for you: Ensuring compliance across the extended enterprise Compliance improvement: Get better as you go forward   Gauging your SOX progress   SOX compliance basics: Taking Action    Understanding compliance-related technology

The most straightforward approach to limiting scope is to define bounds based on the following:

• The financial applications involved in reporting, modifying financial state or feeding information to reporting systems
• The underlying systems and services (e.g., databases, operating systems, network authentication systems, administrative tools) that support the financial systems and applications
• The monitoring and auditing systems designed to track use and misuse of systems and applications

Armed with a focused list of financial processes, the IT organization needs to identify the critical applications and systems that comprise the compliance environment. IT then needs to work with business representatives to conduct a risk assessment to identify which systems depend largely on technical rather than business process controls. The risk assessment can help narrow the scope significantly, particularly if business checks and balances mitigate the risk that technical weaknesses could be exploited to commit fraud. Cooperation between business and technical groups is critical in defining the scope of compliance.

Home: Introduction
Step 1: Understanding compliance -- Financial and technical standards
Step 2: Scope of compliance
Step 3: Establishing an IT Control Framework
Step 4: Detailed objectives and policies
Step 5: Measuring compliance
Step 6: Managing and tracking compliance
Step 7: The changing nature of compliance