1 / 5

Information Technology Controls and Sarbanes-Oxley

Information Technology Controls and Sarbanes-Oxley. ISACA Roundtable Discussion April 15, 2004. What are IT Controls?. IT processes embedded within the Business Processes (application level controls) – e.g., SAP security restricts access to vendor master file

britany
Download Presentation

Information Technology Controls and Sarbanes-Oxley

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Technology Controls and Sarbanes-Oxley ISACA Roundtable Discussion April 15, 2004

  2. What are IT Controls? • IT processes embedded within the Business Processes (application level controls) – e.g., SAP security restricts access to vendor master file • Infrastructure/General Computer Controls – e.g., Change Management, UNIX security • How do you determine what is in SOX scope?

  3. Financial • Statements • Balance Sheet • Income State • Cash Flow Stmt • Footnotes • Identify • Significant • Accounts • Individual • In Aggregate Major Classes of Transactions Processes Develop Materiality/ Threshold Applications (e.g., SAP) Infrastructure (Database, Network, Operating Systems)

  4. COBIT and COSO Link

  5. Minimum Documentation • Information Security • Policies, Procedures, Standards • Risk Assessment • Authentication Controls • Authorization Controls (including Administrator/Super User level) • User Access Administration (Granting, Terminating and Employee Transfers, Contractors) • Security Logging and Monitoring Controls • Other Technical Configurations • Physical Security • Systems Development and Change Management Controls • Request/Approvals • Prioritizations • Development Standards • SDLC • Testing, QA, Migration • Documentation Maintenance • Computer Operations • Batch Jobs (Abends, Performance/Capacity Monitoring) • Backups • Relevant application controls (e.g.,Access Controls, Edit/Validation Checks, Interfaces, Audit Trails, etc.)

More Related