Advertisement
Promo

Compliance Toolkit

Sarbanes-Oxley: What IT managers need to know

Staff

Published: 18 Jan 2005 11:30 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

If you work for a public company, chances are there's a Sarbanes Oxley (SOX) project underway. As a manager over a key IT area, you've been recruited to help! If your company is like many others, however, there is a shortage of IT auditing expertise in-house. So what are you going to do?

Your auditors will eagerly email you links to mountains of literature in order to assist you. But that literature is most likely written in Auditese, a language spoken by auditors and mostly incomprehensible. That's where this article comes to your rescue. We've extracted the information you need from the mountain of literature available that will help you create test plans for your company to certify that you have appropriate IT controls in place.

From beginning to end
To begin, let's consider exactly how SOX relates to IT. Perhaps the best analogy developed to date is the following. If the act of financial reporting is like a relay race, with each racer representing a significant business process, then IT supports each business process like the bones support a racer's body structure.

In relay racing, team members must finish their segments of the race completely and accurately in order to make a valid handoff to the next racer. Additionally, each racer is restricted to a specific lane.

Even though a racer could still cross the finish line with a broken leg or injuries to the fingers and hands, achieving optimal performance in the race would be next to impossible because such injuries would have a negative effect on the speed and accuracy of a quick handoff. Running the race to the best of the racer's ability requires healing the injuries. Various short-term remedies, such as first-aid or a leg splint might help. However, only long-term repair will thoroughly heal the leg and allow the racer to run most efficiently.

So the question for IT managers becomes, how healthy are the controls that are built into your infrastructure?

Next

Previous

1 2 3 4


  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
231 out of 470 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Compliance


Video icon

Video

Cloud Watch Special Report

Five cloud computing myths exploded

Five cloud computing myths exploded

Analysis The cloud is providing a fertile habitat for the marketeers and their exaggerated claims. We examine the hokum and debunk the five most frequently peddled misconceptions about the cloud

Photo Inside IBM's only European Cloud Centre

Comment Cloud savings fail to make up for loss of control

More Special Reports

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

5 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters