Step 7: The changing nature of compliance

About Compliance School

In Compliance School, guest instructor Richard Mackey shows you exactly what you need to do to meet regulations' ongoing demands and arms you with actionable items to ensure your business remains continuously compliant. Best of all, you can attend any of the following on-demand lessons when it's most convenient for you:

Ensuring compliance across the extended enterprise

Compliance improvement: Get better as you go forward  

Gauging your SOX progress  

SOX compliance basics: Taking Action   

As time goes on, auditors will expect organizations to raise the bar with respect to the maturity and reliability of controls. They will expect more rigorous compliance with COSO and COBIT, better integration of business and technical controls, and even more proactive technical controls designed to detect or prevent some of the business activities prohibited by SOX (e.g., loans to officers). As it stands, organizations will have a grace period as they continue to improve their compliance infrastructure. In the coming years, however, we can expect auditors to judge the effectiveness of controls by stricter adherence to standards.

The solution is to accept the reality that SOX is here to stay, and that corporate and IT governance are best integrated in a common or consistent framework. The sooner organizations adopt such an approach, the better off they will be.

To learn more:

SOX refers to COSO and its Internal Integrated Control Framework as a method to achieve compliance.

The IT Governance Institute maintains COBIT.

The Information Technology Institute has a wealth of materials on COBIT and application of COBIT in SOX compliance.

Protiviti offers documents regarding audit practices and, in particular, an FAQ regarding SOX section 404 compliance.

This was last published in February 2006
