Sarbanes-Oxley: What IT managers need to know
Staff
Published: 18 Jan 2005 11:30 GMT
Getting help with control activities
A control activity is a term coined by the Committee of Sponsoring Organisations of the Treadway Commission (commonly known as COSO). The original examples of control activities are within the two volume set, Internal Control Integrated Framework. Internal Control Integrated Framework is available for purchase through the American Institute of Certified Public Accountants (www.aicpa.org), but the original publication is very light on IT-related material.
A number of more comprehensive resources for IT professionals are free to download. One favourite of professional auditors includes a two-volume publication called Standards for Business Controls. You can download that document here and find examples of objectives, risk and control activities. Volume II is strictly for IT processes and is mainframe-oriented due to its age. However, you can update the control objectives by referring to another white paper called IT Objectives for Sarbanes Oxley at www.ISACA.org.
Last but not least, you can borrow sample objectives from SysTrust. However, because these resources are not specific to a particular technology, you will need to heavily customise their sample test plans to fit your organisation.
Previous
Did you find this article useful?
230 out of 464 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
