IT Control Objectives for Sarbanes-Oxley Using COBIT 5, 3rd Edition 

 

Bookstore Purchase the Download:  Member US $25  |  Non-Member US $60
Bookstore Purchase in Book Format:  Member US $35  |  Non-Member US $70

IT Control Objectives for Sarbanes-Oxley  Provide feedback on this document

  View News Release

Knowledge Center  Visit the Sarbanes-Oxley (SOX) Knowledge Center community

This publication provides CIOs, IT managers, and control and assurance professionals with scoping and assessment ideas, approaches and guidance in support of the IT-related Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control objectives for financial reporting. Enhancements include:

  • The requirements of the PCAOB’s Auditing Standard No. 5 (AS 5)
  • Mappings of the role of the COSO framework and its relationship to COBIT 5
  • Detailed examples of application controls
  • Issues in using SSAE 16 SOC 1 Examination reports
  • IT Sarbanes-Oxley compliance road map

The third edition of IT Control Objectives for Sarbanes-Oxley: Using COBIT 5 in the Design and Implementation of Internal Controls Over Financial Reporting accommodates new and revised guidance and standards from ISACA, the PCAOB and the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB). Further, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) recently published a revised edition of its Internal Control—Integrated Framework, which is adopted by most SEC registrants. The third edition of IT Control Objectives for Sarbanes-Oxley is not a rewrite, but is a major upgrade to the successful second edition. This guide is not an assessment of an enterprise's governance of enterprise IT (GEIT); rather it provides guidance on a focused topic—the assessment of effectiveness of internal control over financial reporting.

The IT Governance Institute, ISACA and the contributors of IT Control Objectives for Sarbanes-Oxley have designed this publication primarily as a reference for executive management and IT control professionals, including IT management and assurance professionals, when evaluating an organization's IT controls required by the US Sarbanes-Oxley Act of 2002.