| IT and the Impact of Sarbanes-Oxley (SOX) |
|
 |
|
|
| White Paper |
|
This white paper offers an overview of the impact of this path-breaking legislation on enterprise IT operations, particularly as it relates to the following topics:
- What compliance means – This section of the paper discusses SOX Section 404, which mandates effective internal financial controls, and Section 409, which requires that events materially affecting a company’s financial health be reported in real time. It also delineates IT’s role in supporting compliance.
- Necessary IT controls – IT controls encompass all aspects of scheduling and performing financial transactions as well as ensuring that proper procedures are followed and that reporting is complete and accurate. Controls are of two types. Application controls are embedded in software and are designed to detect or prevent unauthorized or fraudulent actions. General controls are those that IT has put in place to govern its operations.
- Current compliance efforts – These efforts typically revolve around separation of duties, control over changes to application, reviews of audit logs, and timely response to abnormal situations. Separation of duties is a particularly knotty issue, because audit best practices dictate arm’s-length relationships, and failure to maintain proper separation can mean non-compliance.
- Facilitating compliance – To increase their chances of success in this area, enterprises must focus on reviewing controls in place and automating as many as possible. Securing compliance without automated controls is possible but too costly and time-consuming to be practical.
This paper also briefly presents automated scheduling and Application Performance Management (APM) solutions from Tidal Software that can substantially reduce the burden of SOX compliance on enterprise IT departments.
Register to get immediate access to this white paper.
|