IT Compliance Made Easy
A Framework for IT Compliance: The Sarbanes-Oxley Act and IT
A White Paper by Aldon
Version 1.0: February 2006. Version 2.0: Revised July 2008
Many organizations invest considerable time and resources in implementing IT compliance frameworks in order to comply with regulatory requirements such as section 404 of the Sarbanes-Oxley Act of 2002. The ISACA COBIT 4.1 framework is one of the leading tools used to manage and improve IT controls. Many managers find it difficult to ascertain and understand exactly what needs to be done in order to achieve compliance. This white paper provides a framework for helping organizations achieve IT compliance.
© 2008 Aldon. All rights reserved. Aldon and the Aldon logo are registered trademarks of Aldon. All other trademarks are of their respective holders. 280701WPFITCSOV21
The Sarbanes-Oxley Act, enacted in July 2002, is a direct result of the large accounting scandals of the preceding several years, which shook the very foundation of public accounting. Simply stated, Sarbanes-Oxley is a reform designed to institute stricter financial controls and reporting and to ensure that financial reports are written in easily understandable language. Reports must be certified by the CEO and the CFO and approved by independent auditors. As its full name, the Public Company Accounting Reform and Investor Protection Act, implies, the Sarbanes-Oxley Act was designed to prevent the rampant irregularities and surprises that were discovered in 2001 and 2002, and to protect the public and investors.
Although Sarbanes-Oxley is designed for public companies with a market capitalization of over $75 million (U.S.), the expectation is that small companies will not be exempt, particularly companies that hope to eventually go public. As a result, the Sarbanes-Oxley Act has far-reaching repercussions for many companies, and its effect will be felt across many different departments within organizations.
Sarbanes-Oxley and IT

Sarbanes-Oxley is clearly intended to address financial reporting and accounting controls, yet its most significant operational impact will be in IT. The initial and most obvious impact will be in the new reporting IT must generate. Less obvious but perhaps more important are the structural changes that will be required in IT business processes. Sarbanes-Oxley requires comprehensive internal controls to ensure the accuracy and integrity of financial reporting. It clearly states that financial reports must include internal documentation that addresses the process controls in place and their effectiveness. IT must not only ensure that changes to financial reports are made in a controlled and auditable fashion, but it must also flag for management those changes that will have a "significant impact" on the business. Since most changes must be reflected in the IT systems, IT becomes a critical point to monitor.
Fortunately, those requirements can be satisfied through the implementation and use of an enterprise-wide software application lifecycle management (ALM) solution. For years, Aldon has been providing enterprise application management solutions to companies seeking better control of their IT organizations. Repeatable and measurable processes, structured, defined, implemented, and enforced with Aldon solutions, can become one of the key methods to effectively and easily comply with the requirements imposed by the Sarbanes-Oxley Act.
Sarbanes-Oxley Specifics

The Sarbanes-Oxley Act contains 11 different sections that outline the rules and regulations, as well as the penalties for noncompliance. Two sections of the Act are most relevant to this paper, and to IT departments: Section 302 and Section 404.
Section 302 addresses corporate responsibility for financial reports and states, in part:
A signing officer (CFO or CEO) has reviewed the report and certified the report contains no untrue statement or omission of material ...