
IT Control Objectives for Sarbanes-Oxley

IT Control Objectives for Sarbanes-Oxley. Presented by Doug Moore, Jefferson Wells International, and Christine Chaney, Continental Airlines.


Presentation Transcript


  1. IT Control Objectives for Sarbanes-Oxley
     Presented by Doug Moore, Jefferson Wells International, and Christine Chaney, Continental Airlines

  2. Managing Risk
     “…many of the IT professionals being held accountable for the quality and integrity of information generated by their IT systems are not well versed in the intricacies of internal control. This is not to suggest that risk is not being managed by IT, but rather that it may not be formalized or structured in a way required by an organization’s management or its auditors.”

  3. IT Key Areas of Responsibility
     • Understanding the organization’s internal control program and financial reporting process
     • Mapping the IT systems that support internal control and the financial reporting process to the financial statements
     • Identifying risks related to these systems
     • Designing and implementing controls designed to mitigate the identified risks and monitoring them for continued effectiveness
     • Documenting and testing IT controls

  4. IT Key Areas of Responsibility
     • Ensuring that IT controls are updated and changed, as necessary, to correspond with changes in internal control or the financial reporting process
     • Monitoring IT controls for effective operation over time
     • Participation by IT in the Sarbanes-Oxley project management office

  5. ITGI Control Objectives
     • IT Control Environment
     • Computer Operations
     • Access to Programs and Data
     • Program Development and Program Change

  6. IT Control Environment
     The PCAOB has indicated that an ineffective control environment should be regarded as at least a significant deficiency and as a strong indicator that a material weakness in internal control over financial reporting exists.

  7. What is the IT Control Environment?
     • IT governance process
     • IS strategic plan
     • IT risk management process
     • Compliance and regulatory management
     • IT policies, procedures and standards
     Monitoring and reporting are required to ensure that IT is aligned with business requirements.

  8. Computer Operations
     Computer operations should include controls over:
     • Effective acquisition
     • Implementation
     • Configuration and maintenance
     • Ongoing controls over operation, which address the day-to-day delivery of information services, service level management, management of third-party services, etc.

  9. Access to Programs and Data
     The overall goal of access controls is to prevent “the unauthorized use of, and changes to, the system, and entity protects its data and program integrity.”

  10. Program Development and Program Change
     • What are the acquisition and implementation risks of new applications and/or systems?
     • What are the risks of not having a good change management program?

  11. Multi-location Considerations
     • Significant business units
     • Potential financial materiality and significant risk considerations, quantitative and qualitative; both aspects provide focus

  12. Open Discussion
