Sarbanes-Oxley (SOX)

Welcome to the SOX topic!

Collaborate, contribute, consume and create knowledge around the design, implementation, and testing of risks and controls used to satisfy the US Sarbanes Oxley Act of 2002.

Discussions: 45 total

Management is contemplating moving quarterly testing of SOX IT controls from our corporate audit department over to our IT Risk & Compliance area. However, our IT Risk & Compliance function is by definition involved in the remediation of SOX deficienci...
jtibaldi | 6/15/2018 3:10:35 PM | COMMENTS(6)
Is there any guidance or training on delineating between General IT controls and IT controls specific to SOX? e.g., cyber security might be relevant or more relevant to one versus another...
Maria893 | 6/15/2018 12:45:01 PM | COMMENTS(1)
We are having an internal discussion regarding "Control Owner" versus "Process Owner" for IT General Controls (for SOX). Based on our different experiences, they mean different things. One "owner" - generally accountable for the overall control - perha...
AgVball | 6/8/2018 2:35:12 AM | COMMENTS(7)
We are a growing mid-sized public company with a small IT department with no central ownership of IT applications and no dedicated IT application security personnel. The question for discussion here is who should own the UAR? We understand that the user...
Jason065 | 4/16/2018 8:36:07 AM | COMMENTS(6)
Currently supporting an IT Audit and wanted to know if anyone could share or point to a generic population of ITGCs including corresponding risks. Preferably one that is comprehensive enough to meet regulatory requirements. Thanks
Iker026 | 3/23/2018 7:28:44 AM | COMMENTS(5)
Hi All, I would like to know if anyone has conducted any assessment on DevSecOps and what the reference documents for such are. Any idea on a reference architecture?
AYODEJI837 | 1/15/2018 11:32:39 AM | COMMENTS(1)

Documents & Publications: 7 total

Journal Articles: 11 total

Volume 1, 2016
by Balraj Thuppalay, CISM, CISSP
Both internal auditors and compliance analysts can play a vital role in helping companies achieve compliance with the US Sarbanes-Oxley Act of 2002, with focused reviews of IT general controls (ITGCs) around SAP.
Volume 4, 2014
by Frederick G. Mackaden, CISA, CMA, PMP
Any organization would like to have an optimal approach to a Sarbanes-Oxley Act review, whether it is the process used or the Sarbanes-Oxley review team’s composition.
Volume 1, 2012
by Prakhar Srivastava and Tarun Verma
Log management can play a pivotal role in addressing PCI DSS requirements, be a success factor and enabler for safeguarding cardholder transaction data, and provide a secure and vulnerability-free environment for cardholders.
Volume 6, 2011
by Harmeet Kaur, CEH
As today’s business climate demands greater efficiency, security and regulatory compliance, the need for an effective IAM process has never been more pressing.
Volume 5, 2011
by Derek Mohammed, Ph.D., CISA, CISSP, PMP
Organizations need fully articulated security policies and procedures based on industry best practices to solidify their information system defenses and meet legal, contractual and regulatory requirements.
Volume 3, 2011
by William C. Brown, CISA, CPA, and Byron J. Pike, CPA
The US Securities and Exchange Commission (SEC) is planning what could be among the largest changes in the history of American accounting.

Wikis: 2 total

Blog Posts: 2 total

"To fight oneself is the hardest war; to conquer oneself is the most beautiful victory." Friedrich von Logau (1605-1655), German poet. At this time, when hiring a professional for a company must be a very carefully considered matter, ...
Posted By : Javier | 0 comments
On March 1st, I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center. Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : appolloconsulting | 2 comments