Sarbanes Oxley

 

The Sarbanes-Oxley Act of 2002 will have a significant impact on IT organizations. In accordance with Sarbanes-Oxley (Sarbox), executives must attest to the adequacy and effectiveness of their internal controls, including IT controls. Therefore, IT controls will be externally audited, and a statement of control verified by the audit must now appear in annual reports filed with the Securities and Exchange Commission (SEC).

Companies must identify their significant financial accounts, the business processes that support those financial accounts, and the applications and IT systems that support those business processes. Then they must document and test controls at the financial process level, the application level, and the IT infrastructure level.

Although Sarbox does not mandate automated systems-based controls, such controls may ease the compliance process. Auditors will be looking not only for process consistency, but also for the consistent use of controls over those processes. For this reason, auditors may be more critical of manual or paper-based processes in large or distributed organizations. In many cases, using software solutions, such as those from BMC Software, is the best way to implement consistent controls. Because, in general, auditors will not probe as hard when they see that applications are consistently being utilized, you can help to accelerate the audit process by automating your IT processes.

Mapping to IT Controls
As part of the preparation for a Sarbox IT audit, an IT control framework must be identified. COBIT, an IT control framework recognized by the audit community, provides a comprehensive set of control objectives that an auditor may follow point-by-point during an audit.

To support Sarbox, the IT Governance Institute has released an adaptation of COBIT that specifies different process areas that an IT auditor may assess in the context of a Sarbanes-Oxley IT audit.

To understand which of these must be demonstrated to pass the audit, consult with your company's auditor. In addition, as you prepare for your Sarbox audit, consider how software solutions can help to support the following COBIT control objectives:

| COBIT | Process | Technology |
|---|---|---|
| A12 | Acquire and implement application software: Design, acquire or build, and deploy systems that support financial processes. | Remedy Change Management; Remedy Asset Management; PATROL® |
| A13 | Acquire and implement technology infrastructure: Design, acquire or build, and deploy systems that support applications and communications. | Remedy Change Management; Remedy Asset Management |
| A16 | Manage Changes: Address how your organization modifies system functionality to ensure control and integrity of financial accounts. | Remedy Change Management; Performance Assurance |
| DS1 | Define & Manage Service Levels: Address how your organization meets the functional and operational expectations needed to support financial processes. | Remedy Service Level Agreements; Service Level Management Solutions from BMC Software; Performance Assurance |
| DS3 | Manage performance and capacity: Maintain complete and accurate data. They also allow an organization to trace back transactions to source information to support their validity. | BMC Service Impact Manager; SmartDBA™; Performance Assurance |
| DS4 | Ensure continuous service: Manage continuous service, including controls to manage various disaster scenarios, from backup and recovery to full business continuity, to ensure the ability to produce financial statements in a timely manner. | BMC Service Impact Manager; SmartDBA™; Performance Assurance |
| DS9 | Manage the Configuration: Ensure that security, availability, and processing integrity controls are set up in the system and maintained through an asset's life cycle. | Remedy Asset Management; Control SA®; SmartDBA™ |
| DS10 | Manage Problems & Incidents: Document how your organization responds to system failures and maintain reliable application systems in support of financial business systems. | Remedy Help Desk; Remedy Change Management; PATROL® |
| DS11 | Manage data: Manage data to include controls and procedures to support information integrity, including its completeness, accuracy, authorization, and validity. Controls support initiating, recording, processing and reporting financial information to ensure reliability of financial data. | SmartDBA™; Remedy Change Management; PATROL® |
| DS13 | Manage operations: Maintain reliable application systems in support of the business to initiate, record, process, and report financial information. | PATROL®; SmartDBA™; MAINVIEW® |
| M1 | Monitor the Process: Monitor IT processes to satisfy various control objective requirements. | Remedy Service Level Agreements; PATROL®; Remedy Flashboards® |