IT Control Objectives for Sarbanes-Oxley 2nd Edition 


IT Control Objectives for Sarbanes-Oxley, 2nd Edition  Download (Registration Required, 1.4M)
  Download (Italian; Registration Required, 903K)
  Download (Japanese; Registration Required, 1.8M)
  Download - Appendix C and part of Appendix D (Member Only, 598K)
  SOX Apéndice C - ITCO For Sarbanes-Oxley (Spanish; Registration Required, 336K)
Bookstore Purchase the Book

  Provide feedback on this document
Knowledge Center  Visit the Sarbanes-Oxley (SOX) Knowledge Center community

This publication provides CIOs, IT managers, and control and assurance professionals with scoping and assessment ideas, approaches and guidance in support of the IT-related Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control objectives for financial reporting. Enhancements include:

  • Focus on scoping and assistance in performing an IT risk assessment for Sarbanes-Oxley
  • Insights into cultural and people management issues to highlight the human factors that need to be considered when complying with Sarbanes-Oxley
  • Guidance on application controls added to assist companies in identifying and addressing various types of application controls and providing a business case for using application controls
  • Changes to the readiness road map to simplify the process
  • Cross references to COBIT 4.0 processes
  • Guidance on segregation of duties for significant applications
  • Issues in and approach for using SAS 70 examination reports

The second edition was also updated for recent SEC and PCAOB guidance related to entity level controls, risk based/top down approach, application controls and evaluation of deficiencies.

The IT Governance Institute, ISACA® and the contributors of IT Control Objectives for Sarbanes-Oxley have designed this publication primarily as a reference for executive management and IT control professionals, including IT management and assurance professionals, when evaluating an organization's IT controls required by the US Sarbanes-Oxley Act of 2002.