Thursday, September 30, 2004

IT Control Objectives for Sarbanes-Oxley (PDF)

The Sarbanes-Oxley Act has fundamentally changed the business and regulatory environment. The Act aims to enhance corporate governance through measures that will strengthen internal checks and balances and, ultimately, strengthen corporate accountability. However, it is important to emphasize that section 404 does not require senior management and business process owners merely to establish and maintain an adequate internal control structure, but also to assess its effectiveness on an annual basis. This distinction is significant.

For those organizations that have begun the compliance process, it has quickly become apparent that IT plays a vital role in internal control. Systems, data and infrastructure components are critical to the financial reporting process. PCAOB Auditing Standard No. 2 discusses the importance of IT in the context of internal control. In particular, it states: The nature and characteristics of a company’s use of information technology in its information system affect the company’s internal control over financial reporting.

To this end, IT professionals, especially those in executive positions, need to be well versed in internal control theory and practice to meet the requirements of the Sarbanes-Oxley Act. CIOs must now take on the challenges of (1) enhancing their knowledge of internal control, (2) understanding their organization’s overall Sarbanes-Oxley compliance plan, (3) developing a compliance plan to specifically address IT controls, and (4) integrating this plan into the overall Sarbanes-Oxley compliance plan.

IT Control Objectives for Sarbanes-Oxley (PDF)

Send to a friend:

0 Comments: