Selamat datang di Scribd!

IT Control Objectives For Sarbanes-Oxley

Diunggah oleh

0% menganggap dokumen ini bermanfaat (0 suara)

473 tayangan12 halaman

This document discusses IT control objectives for Sarbanes-Oxley compliance. It notes that while IT manages risk, the controls may not be formalized in a way required by management or auditors. It identifies key IT areas of responsibility, including understanding internal controls, mapping systems to financials, identifying risks, designing mitigating controls, and documenting and testing IT controls. The document also discusses ITGI control objectives around the IT control environment, computer operations, access to programs and data, and program development. It provides details on factors within each objective area that are important to consider.

Deskripsi Asli:

Objetivos de Control en las TI

Judul Asli

IT Control Objectives for Sarbanes-Oxley

Hak Cipta

Format Tersedia

PPT, PDF, TXT atau baca online dari Scribd

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Laporkan Dokumen Ini

Hak Cipta:

Format Tersedia

Unduh sebagai PPT, PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

0% menganggap dokumen ini bermanfaat (0 suara)

473 tayangan12 halaman

IT Control Objectives For Sarbanes-Oxley

Diunggah oleh

Diego Vergara

Hak Cipta:

Format Tersedia

Unduh sebagai PPT, PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

Lompat ke Halaman

Anda di halaman 1dari 12

Cari di dalam dokumen

IT Control Objectives for

Sarbanes-Oxley

Presented by Doug Moore, Jefferson Wells

International and Christine Chaney, Continental
Airlines

Managing Risk
many of the IT professionals being held
accountable for the quality and integrity of
information generated by their IT systems
are not well versed in the intricacies of
internal control. This is not to suggest that
risk is not being managed by IT, but rather
that it may not be formalized or structured
in a way required by an organizations
management or its auditors.

IT Key Areas of Responsibility

Understanding the organizations internal control
program and financial reporting process
Mapping the IT systems that support internal control
and the financial reporting process to the financial
statements
Identifying risks related to these systems
Designing and implementing controls designed to
mitigate the identified risks and monitoring them for
continued effectiveness
Documenting and testing IT controls

IT Key Areas of Responsibility

Ensuring that IT controls are updated and
changed, as necessary, to correspond with
changes in internal control or financial
reporting process
Monitoring IT controls for effective
operation over time
Participation by IT in the Sarbanes-Oxley
project management office

ITGI Control Objectives

IT Control Environment
Computer Operations
Access to Programs and Data
Program Development and Program Change

IT Control Environment
The PCAOB has indicated that an ineffective
control environment should be regarded as
at least a significant deficiency and as a
strong indicator that a material weakness in
internal control over financial reporting
exists

What is the IT Control

Environment?
IT Governance Process

IS Strategic Plan
IT risk management process
Compliance and Regulatory management
IT policies, procedures and standards

Monitoring and reporting are required to ensure

that IT is aligned with business requirements.

Computer Operations
Computer operations should include controls over:
Effective acquisition
Implementation
Configuration and maintenance
Ongoing controls over operation address the dayto-day delivery of information services, service
level mgt., management of third-party services,
etc.

Access to Programs and Data

Overall goal of access controls are to prevent
the unauthorized use of, and changes to,
the system, and entity protects it data and
program integrity.

Program Development and

Program Change
What are the acquisition and
implementation risks of new applications
and/or systems?
What are the risks of not having a good
change management program?

Multi-location Considerations
Significant business units
Potential financial materiality and
significant risk considerations, quantitative
and qualitative and both aspects provide
focus

Open Discussion

Anda mungkin juga menyukai

Information Systems Auditing: The IS Audit Study and Evaluation of Controls Process
Dari Everand
Information Systems Auditing: The IS Audit Study and Evaluation of Controls Process
Robert E. Davis
Penilaian: 3 dari 5 bintang
3/5 (2)
Information Systems Auditing: The IS Audit Planning Process
Dari Everand
Information Systems Auditing: The IS Audit Planning Process
Robert E. Davis
Penilaian: 3.5 dari 5 bintang
3.5/5 (2)
M1.2: Define Information Technology Processes
Dari Everand
M1.2: Define Information Technology Processes
Elizabeth Mogopodi
Belum ada peringkat
Information Systems Auditing: The IS Audit Testing Process
Dari Everand
Information Systems Auditing: The IS Audit Testing Process
Robert E. Davis
Penilaian: 1 dari 5 bintang
1/5 (1)
Auditor's Guide to IT Auditing
Dari Everand
Auditor's Guide to IT Auditing
Richard E. Cascarino
Penilaian: 4.5 dari 5 bintang
4.5/5 (3)
The Chartered Information Officer
Dari Everand
The Chartered Information Officer
Dr. Zulk Shamsuddin
Penilaian: 5 dari 5 bintang
5/5 (2)
ITGC Second Edition
Dari Everand
ITGC Second Edition
Gerardus Blokdyk
Belum ada peringkat
Information Systems Audit A Complete Guide - 2020 Edition
Dari Everand
Information Systems Audit A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
Continuous Auditing A Complete Guide - 2020 Edition
Dari Everand
Continuous Auditing A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
IT Security Audit A Complete Guide - 2019 Edition
Dari Everand
IT Security Audit A Complete Guide - 2019 Edition
Gerardus Blokdyk
Belum ada peringkat
Information technology audit The Ultimate Step-By-Step Guide
Dari Everand
Information technology audit The Ultimate Step-By-Step Guide
Gerardus Blokdyk
Belum ada peringkat
IT Asset Management A Complete Guide - 2021 Edition
Dari Everand
IT Asset Management A Complete Guide - 2021 Edition
Gerardus Blokdyk
Belum ada peringkat
IT Audit A Complete Guide - 2019 Edition
Dari Everand
IT Audit A Complete Guide - 2019 Edition
Gerardus Blokdyk
Belum ada peringkat
Digital Risk Management A Complete Guide - 2019 Edition
Dari Everand
Digital Risk Management A Complete Guide - 2019 Edition
Gerardus Blokdyk
Belum ada peringkat
Digital GRC A Complete Guide
Dari Everand
Digital GRC A Complete Guide
Gerardus Blokdyk
Belum ada peringkat
Qualified Security Assessor Complete Self-Assessment Guide
Dari Everand
Qualified Security Assessor Complete Self-Assessment Guide
Gerardus Blokdyk
Belum ada peringkat
Information Technology General Controls (Itgcs) 101
Dokumen16 halaman
Information Technology General Controls (Itgcs) 101
arif420_999
Belum ada peringkat
IT Audit A Complete Guide - 2020 Edition
Dari Everand
IT Audit A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
IT Governance A Complete Guide - 2019 Edition
Dari Everand
IT Governance A Complete Guide - 2019 Edition
Gerardus Blokdyk
Belum ada peringkat
Continuous auditing Third Edition
Dari Everand
Continuous auditing Third Edition
Gerardus Blokdyk
Belum ada peringkat
ISO IEC 27002 2013 A Complete Guide - 2021 Edition
Dari Everand
ISO IEC 27002 2013 A Complete Guide - 2021 Edition
Gerardus Blokdyk
Belum ada peringkat
COBIT 5 For Risk Laminate Res Eng 0913
Dokumen8 halaman
COBIT 5 For Risk Laminate Res Eng 0913
dandisdandis
Belum ada peringkat
NIST CSF A Complete Guide - 2021 Edition
Dari Everand
NIST CSF A Complete Guide - 2021 Edition
Gerardus Blokdyk
Belum ada peringkat
ISO IEC 27001 Lead Implementer A Complete Guide - 2020 Edition
Dari Everand
ISO IEC 27001 Lead Implementer A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
ISO 38500 A Complete Guide - 2021 Edition
Dari Everand
ISO 38500 A Complete Guide - 2021 Edition
Gerardus Blokdyk
Belum ada peringkat
IT Risk Management Process A Complete Guide - 2020 Edition
Dari Everand
IT Risk Management Process A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
Information Technology Security Audit A Complete Guide - 2021 Edition
Dari Everand
Information Technology Security Audit A Complete Guide - 2021 Edition
Gerardus Blokdyk
Belum ada peringkat
Assuring IT Legal Compliance
Dari Everand
Assuring IT Legal Compliance
Robert E. Davis
Penilaian: 5 dari 5 bintang
5/5 (1)
Auditors A Complete Guide - 2020 Edition
Dari Everand
Auditors A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
Compliance by Design: IT controls that work
Dari Everand
Compliance by Design: IT controls that work
Chong Ee
Penilaian: 5 dari 5 bintang
5/5 (1)
Governance Complete Self-Assessment Guide
Dari Everand
Governance Complete Self-Assessment Guide
Gerardus Blokdyk
Belum ada peringkat
RMF A Complete Guide - 2021 Edition
Dari Everand
RMF A Complete Guide - 2021 Edition
Gerardus Blokdyk
Belum ada peringkat
ISAudit 2010oct18
Dokumen239 halaman
ISAudit 2010oct18
Suvojit Deshi
Belum ada peringkat
IT Governance A Complete Guide - 2021 Edition
Dari Everand
IT Governance A Complete Guide - 2021 Edition
Gerardus Blokdyk
Belum ada peringkat
COBIT - A Key To Success As An IT Auditor
Dokumen3 halaman
COBIT - A Key To Success As An IT Auditor
kamuturi
Belum ada peringkat
Information Security Auditor: Careers in information security
Dari Everand
Information Security Auditor: Careers in information security
Wendy Goucher
Belum ada peringkat
ISO IEC 27001 Lead Implementer A Complete Guide - 2021 Edition
Dari Everand
ISO IEC 27001 Lead Implementer A Complete Guide - 2021 Edition
Gerardus Blokdyk
Belum ada peringkat
IT Governance The Ultimate Step-By-Step Guide
Dari Everand
IT Governance The Ultimate Step-By-Step Guide
Gerardus Blokdyk
Belum ada peringkat
IT GRC A Complete Guide - 2020 Edition
Dari Everand
IT GRC A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
Information Technology Outsourcing
Dokumen32 halaman
Information Technology Outsourcing
Herbert Ngwarai
100% (1)
Access To Programs and Data Audit Work Program
Dokumen2 halaman
Access To Programs and Data Audit Work Program
Vic Villano
Belum ada peringkat
Windows Active Directory Audit Assurance Program - Icq - Eng - 0810
Dokumen35 halaman
Windows Active Directory Audit Assurance Program - Icq - Eng - 0810
Андрей Миксонов
Belum ada peringkat
SDLC Audit
Dokumen13 halaman
SDLC Audit
rajendracn
100% (1)
PAM Solutions A Complete Guide - 2019 Edition
Dari Everand
PAM Solutions A Complete Guide - 2019 Edition
Gerardus Blokdyk
Belum ada peringkat
Separation Of Duties A Complete Guide - 2021 Edition
Dari Everand
Separation Of Duties A Complete Guide - 2021 Edition
Gerardus Blokdyk
Belum ada peringkat
Third Party Risk Management Framework A Complete Guide - 2020 Edition
Dari Everand
Third Party Risk Management Framework A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
IT General Controls
Dokumen6 halaman
IT General Controls
Patrick mdagano
Belum ada peringkat
Auditing Application Controls: Gtag® 8
Dokumen13 halaman
Auditing Application Controls: Gtag® 8
mename1234
Belum ada peringkat
COBIT 4 To 5 Mapping
Dokumen19 halaman
COBIT 4 To 5 Mapping
WikeUlfianiAresa
100% (1)
IT Audit Format
Dokumen15 halaman
IT Audit Format
Anonymous 9d1jFv
Belum ada peringkat
Sarbanes-Oxley (SOX) Project Approach Memo
Dokumen8 halaman
Sarbanes-Oxley (SOX) Project Approach Memo
Manna Mahadi
Belum ada peringkat
The Components of The IT Audit Report - Joa - Eng - 0120 PDF
Dokumen4 halaman
The Components of The IT Audit Report - Joa - Eng - 0120 PDF
Immanuel Giulea
Belum ada peringkat
IT Security Audit A Complete Guide - 2020 Edition
Dari Everand
IT Security Audit A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
IT Asset Management ITAM Complete Self-Assessment Guide
Dari Everand
IT Asset Management ITAM Complete Self-Assessment Guide
Gerardus Blokdyk
Belum ada peringkat
Google Cloud Platform GCP Audit Program
Dokumen31 halaman
Google Cloud Platform GCP Audit Program
john
Belum ada peringkat
ISCA Quick Revision
Dokumen22 halaman
ISCA Quick Revision
zaaack
Belum ada peringkat
IT Risk Management Process A Complete Guide - 2019 Edition
Dari Everand
IT Risk Management Process A Complete Guide - 2019 Edition
Gerardus Blokdyk
Belum ada peringkat
Security Audit
Dokumen31 halaman
Security Audit
Tarang Shah
100% (2)
CISA A Clear and Concise Reference
Dari Everand
CISA A Clear and Concise Reference
Gerardus Blokdyk
Belum ada peringkat
Third Party Vendors A Complete Guide - 2020 Edition
Dari Everand
Third Party Vendors A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
Ch17Notes Indexing Structures For Files
Dokumen39 halaman
Ch17Notes Indexing Structures For Files
Leónidas Villalba
Belum ada peringkat
5 - Signal Flow Graphs Masons Rule
Dokumen19 halaman
5 - Signal Flow Graphs Masons Rule
MGR fan
Belum ada peringkat
Kingfisher CRM
Dokumen6 halaman
Kingfisher CRM
Ajit Kanojia
Belum ada peringkat
Polyhouse Automation1
Dokumen23 halaman
Polyhouse Automation1
Chaitanya Gajbhiye
Belum ada peringkat
Soc Book
Dokumen19 halaman
Soc Book
murali
Belum ada peringkat
DVB-RCS NCR SPT
Dokumen8 halaman
DVB-RCS NCR SPT
Mike milly
Belum ada peringkat
Tsegaye Mekuria Checkol - Resume
Dokumen4 halaman
Tsegaye Mekuria Checkol - Resume
tsecosby
100% (1)
Apache 2.0 License - English
Dokumen5 halaman
Apache 2.0 License - English
babuchas69
Belum ada peringkat
Un Recordatorio de Privacidad de Google: Global Advanced English PDF
Dokumen2 halaman
Un Recordatorio de Privacidad de Google: Global Advanced English PDF
Tomas Delfiner
Belum ada peringkat
CH 4 - Footprinting and Social Engineering
Dokumen64 halaman
CH 4 - Footprinting and Social Engineering
coder
Belum ada peringkat
BCS301 Mathematics Model Question Paper 1
Dokumen5 halaman
BCS301 Mathematics Model Question Paper 1
Rana Manal
Belum ada peringkat
Sap PP PP Pi Functional Consultant Resume East Peoria Il
Dokumen11 halaman
Sap PP PP Pi Functional Consultant Resume East Peoria Il
balu4indians
Belum ada peringkat
Theories & Practices in Local Governance
Dokumen21 halaman
Theories & Practices in Local Governance
Lindsey Marie
Belum ada peringkat
Converting To SAP S/4HANA: Custom Code Migration
Dokumen15 halaman
Converting To SAP S/4HANA: Custom Code Migration
Kevin Anderson
Belum ada peringkat
Thesis Tables and Figures
Dokumen6 halaman
Thesis Tables and Figures
brandycarpenterbillings
100% (2)
Annex SL 9001 14001 45001 Management System Map
Dokumen3 halaman
Annex SL 9001 14001 45001 Management System Map
Pramod Athiyarathu
Belum ada peringkat
2.07 - FAM-Monitoring - v10x - Lab
Dokumen24 halaman
2.07 - FAM-Monitoring - v10x - Lab
Expertise DATA
Belum ada peringkat
CPAR - Lesson 1 - Elements and Principles of Visual Arts - Modified
Dokumen5 halaman
CPAR - Lesson 1 - Elements and Principles of Visual Arts - Modified
Rich Bagui
Belum ada peringkat
Test Bank and Soluiton 2018-2019
Dokumen40 halaman
Test Bank and Soluiton 2018-2019
A plus Test bank and Solution manual
Belum ada peringkat
HR Interview Question
Dokumen17 halaman
HR Interview Question
anon-351969
Belum ada peringkat
Ulss Ulsm Ulsl
Dokumen1 halaman
Ulss Ulsm Ulsl
Hamza
Belum ada peringkat
StreamServe Persuasion SP5 StreamStudio
Dokumen30 halaman
StreamServe Persuasion SP5 StreamStudio
Jackson Parfait
Belum ada peringkat
3b6 Load Moment Indicator (Lmi) For MRT Telescopic Handlers User Manual PDF
Dokumen1 halaman
3b6 Load Moment Indicator (Lmi) For MRT Telescopic Handlers User Manual PDF
Uebi Alves
0% (1)
Cartilla Informativa Plan Lector
Dokumen11 halaman
Cartilla Informativa Plan Lector
HilarioPaniuraHuayhua
Belum ada peringkat
Artificial Int Text Book
Dokumen100 halaman
Artificial Int Text Book
Ashwin
Belum ada peringkat
IOT-ques Bank (Sol)
Dokumen41 halaman
IOT-ques Bank (Sol)
Hrithik Sahu
Belum ada peringkat
Refrigeration Controlling Digital Scroll Technical Information en GB 4214506
Dokumen12 halaman
Refrigeration Controlling Digital Scroll Technical Information en GB 4214506
stefancuandrei
Belum ada peringkat
Java Exam Preparation Practice Test - 1
Dokumen10 halaman
Java Exam Preparation Practice Test - 1
mziabd
Belum ada peringkat
Option-2 ABB AHF Catalogue
Dokumen12 halaman
Option-2 ABB AHF Catalogue
sureshbabum85
Belum ada peringkat
Order of Complexity Analysis
Dokumen9 halaman
Order of Complexity Analysis
Music Life
Belum ada peringkat