The Sarbanes-Oxley Act's call for "adequate internal controls over financial reporting" is vague, and for good reason. By withholding prescriptive details, the regulators created a moving target that allows compliance requirements to increase with advances in technology.
According to Dennis Brewer on SearchSecurity.com, "The only way to successfully meet the compliance criteria is to set the bar for authentication and access controls as high as the technologies and products available today allow. Once you have a control structure implemented, then have in place a scheme for constant vigilance for anything that will change the compliance landscape and to constantly test the success of your [customer's] control structure long before any of the compliance auditors visit."
As your customer's trusted adviser, you can play a significant role in SOX compliance efforts. Implementing a control framework is no minor task, and after you're done, you can help your customer maintain compliance by keeping them informed of the latest technologies and auditors' expectations. This learning guide is designed to help you to do just those things.
Introduction to COBIT for SOX compliance
The most widely accepted standard for achieving SOX compliance is COBIT. Understanding this standard will provide you with a repeatable framework that you can apply to all of your customers' regulatory compliance projects.
SOX Scorecard
This 20-question scorecard, aligned with the sections of the COBIT standard, is designed to help you gauge an organization's ability to meet COBIT control objectives that are important in complying with Sarbanes-Oxley Section 404. Use it to assess the state of your customer's compliance efforts.
The SOX Enforcers
The Securities and Exchange Commission (SEC) is responsible for enforcing the Sarbanes-Oxley Act (SOX). The Public Company Accounting Oversight Board (PCAOB -- pronounced peek-a-boo) was formed by the SEC to oversee and inspect the audit of public companies by registered public accounting firms. This proactive assessment ensures audit processes remain on the up-and-up according to the SOX requirements. However, whistleblowers and others can just as easily launch a complaint if they suspect a violation. – Kevin Beaver for SearchSecurity.com: Will the 'regulatory police' be knocking on your door?
SOX, security standards and building a compliance framework
This article introduces SOX requirements and addresses the challenges of meeting them. Learn how to limit the scope of the compliance project, establish an IT control framework, and measure, manage and track your customer's compliance.
Keeping SOX 404 under control(s)
Security policies should be the driving force behind the types of controls you implement in your customers' environments. This article outlines the various policies that support Sarbanes-Oxley compliance.
Maintaining compliance in a world of constant change
Compliance doesn't stop after the first successful audit. You'll need to help your customers maintain compliance amidst constant business and technological changes. Here are four tips on keeping up with it all.
Raising the bar on compliance success
You've helped your customers establish baselines for reporting on foundational IT controls, and you've leveraged control frameworks and resident technologies to assist in logging, auditing and reporting. The next milestone is to "raise the bar" on how this information and data is collected and managed -- using fewer resources to achieve better results. This webcast provides a technical and procedural guideline for getting there.