|
This publication provides CIOs, IT managers, and control and assurance professionals with scoping and assessment ideas, approaches and guidance in support of the IT-related Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control objectives for financial reporting. Enhancements include:
- Focus on scoping and assistance in performing an IT risk assessment for Sarbanes-Oxley
- Insights into cultural and people management issues to highlight the human factors that need to be considered when complying with Sarbanes-Oxley
- Guidance on application controls added to assist companies in identifying and addressing various types of application controls and providing a business case for using application controls
- Changes to the readiness road map to simplify the process
- Cross references to COBIT 4.0 processes
- Guidance on segregation of duties for significant applications
- Issues in and approach for using SAS 70 examination reports
The second edition was also updated for recent SEC and PCAOB guidance related to entity level controls, risk based/top down approach, application controls and evaluation of deficiencies.
The IT Governance Institute, ISACA® and the contributors of IT Control Objectives for Sarbanes-Oxley have designed this publication primarily as a reference for executive management and IT control professionals, including IT management and assurance professionals, when evaluating an organization's IT controls required by the US Sarbanes-Oxley Act of 2002. |
| |
