Presented by Laurie LeBlanc SoftLanding Systems How to Achieve SOX Compliance Faster
Agenda • SOX : Opportunity or Burden? • IT Control Framework • Software Tools • Change Management • Testing • Security • Q & A
The Sarbanes - Oxley Act of 2002 Opportunity or Burden?
An Annual Event • Title IV Sect 404 - Each annual report must include an “internal control report” • The CEO/CFO are responsible for an adequate internal control system • Must identify internal control framework used • A certified assessment by the CEO/CFO of the control’s effectiveness • An external auditor must also attest to the accuracy of these assertions
COBIT (Control Objectives for IT) COBIT - IT Governance Maturity Model 0. Non-Existent 1. Initial / Ad Hoc 2. Repeatable but Intuitive 3. Defined Process 4. Managed and Measurable 5. Optimized
COBIT and SOX • 300+ specific COBIT objectives • Of those, 164 pertain to SOX • Of those, 64 can be met with SoftLanding tools
For instance… • Job Change and Termination (P07.8) • Management should ensure that appropriate and timely actions are taken regarding job changes and terminations so that internal controls and security are not impaired by such occurrences. • Software tools do not apply
However… • System Software Change Controls (A13.6) • Procedures should be implemented to ensure that system software changes are controlled in line with the organization’s change management procedures. • Change Management tools directly apply
Auditing Specific Changes • Easy to audit full lifecycle • Initial request • Task approval • Development work • Testing results • Change approvals • How & when changes went live • All from a single iSeries database
TurnOver Change Management Repeatable process plus: • Approval enforcement • Authorities by application & development level • Change history • Standardized controls
TurnOver Workflow COBIT Section A14 – Develop & Maintain Procedures
Issue Tracking COBIT Section DS10 – Manage Problems and Incidents
Project Management COBIT Section PO10 – Manage Projects
Project Management Repeatable workflow & authorities: • Save time • Increase control • Improve predictability
Development COBIT Sections A16 & DS9 – Manage Changes – Manage the Configuration
Development TurnOver provides for: • Object stamping and versioning • Emergency changes • Pre-established criteria • Done within the system • Audit trail of all program changes
Test & Deploy COBIT Section A15 – Install & Accredit System
Test & Deploy TurnOver will: • Create/maintain test environments • Facilitate communication between dev, QA, users & project managers • Enforce approval procedures • Provide audit trail
Production COBIT Objectives A15.12 & A16.8 – Promotion to Production – Distribution of Software
TestBench COBIT Sections A15 and PO10 - Install/Accredit Systems - Manage Projects
TestBench COBIT Objective A15.7 – Testing of Changes COBIT Objective A15.11 – Operational Test
TestBench COBIT Objectives: A12.15, A13.4, A15.6, 15.8, PO10.8-9, PO10.11
TestBench COBIT Objective A15.9 – Final Acceptance Test
Security Tools COBIT Section DS5 – Ensure Systems Security
PowerLock NetworkSecurity Covers COBIT Objectives: DS5.2, DS5.3, DS5.7, DS5.10 and DS5.11
PowerLock SecurityAudit Covers COBIT Objectives: DS5.1, DS5.2, DS5.4, DS5.5, DS5.9, DS5.10
VISUAL Security Covers COBIT Objectives: DS5.6, DS5.7, DS5.10 and DS5.11
SoftMenu Covers COBIT Objectives: DS5.3, DS5.4, DS5.5 and DS5.9
Experience Counts "TurnOver and SoftMenu played a big part in our preparations for Sarbanes-Oxley compliance. They're always very strong during audits – they're never challenged." — Jerry Bell Director of Systems Development Oshkosh B'Gosh Inc.
Thank You! • Contact SoftLanding to discuss how our products can help you achieve SOX compliance faster: (800) 545-9485 or (603) 924-8818 • Email lauriel@softlanding.com: For questions related to this Presentation • SoftLanding SOX Resources Page: www.softlanding.com/sox