Definition of Sarbanes Oxley
Defined as: The act that was designed to review dated legislative audit requirements. The goal of the act was to protect investors by improving the accuracy and reliability of corporate disclosures. The act covers issues such as establishing a public company accounting oversight board, auditor independence, corporate responsibility and enhanced financial disclosure.
Sarbanes Oxley
An Enterprise Approach to Sarbanes-Oxley Compliance
As is generally the case with such a far-reaching issue as the Sarbanes-Oxley Act (SOX), the approach that provides the quick fix or rapid return on investment (ROI) is often too good to be true. Leading companies recognize this and are taking a more strategic approach to ensuring their numbers measure up to the increased scrutiny of today's investor. They are using this law not as something that just needs a quick fix, but as an opportunity to take a look at processes and restructure the way they run their business. What's more, they are finding that they already have a lot of what they need in their company: the right people, the right processes, and the right technology. In this paper, we'll explore the ways in which business intelligence (BI) and Business Objects can play a key role in this strategy.
Identity Auditing is the Key to Maintaining SOX Compliance
Compliance requirements aren't going away and manual processes are an ineffectual solution. For business leaders, identity auditing and control solutions provide a valid alternative. A disciplined approach to addressing SOX 404 through the use of identity for automated controls provides an effective method. Automation is the key to expediting the compliance process and creating clear tracking for future auditing and accountability.
The Impact of the Sarbanes-Oxley Act on IT Security
This paper goes on to define the Sarbanes-Oxley Act and its requirements, a framework for compliance, and specific IT security areas that must be considered during compliance efforts. According to the Deloitte and Touche Information Security and Privacy Group, "there is a lack of clarity on the impact of multiple governance initiatives (including Sarbanes-Oxley) on information security". By not specifically addressing IT security, the Act leaves room for interpretation. The information presented below is based on the research I conducted and represents my interpretation of the effects of the Sarbanes-Oxley Act on IT security. In the near future, as compliance efforts progress, new standards and best practices relating specifically to IT security controls in a Sarbanes-compliant environment will be released. This paper is not intended to provide reference to all the controls that should be considered during compliance efforts.
The Role of IT Security in Sarbanes-Oxley Compliance
The Sarbanes-Oxley Public Company Accounting Reform and Investor Protection Act of 2002 requires that the CEOs and CFOs of publicly-held companies certify each annual and quarterly report filed with the Securities and Exchange Commission. This document will summarize the requirements of Sarbanes-Oxley as they apply to IT and define the controls IT must be concerned with in the certification process. This document pertains only to the role of IT and IT security in Sarbanes-Oxley controls compliance; other company departments - accounting, finance, human resources, etc., may be subject to controls not covered herein.
Security and Sarbanes-Oxley
This paper provides an overview of the Sarbanes-Oxley mandate. Sarbanes-Oxley doesn't mandate specific internal controls such as strong authentication or the use of encryption.
Sarbanes, Oxley and You
Fiona Williams, who is responsible for Deloitte & Touche's security services practice for North America, answers readers' questions about the Sarbanes-Oxley Act.
Stepping Up to Sarbanes-Oxley
Besides getting bored, I also came away confused because it offered no guidance on the related information security issues. After further reading, I decided that the most important part for my group is Section 404, titled "Management Assessment of Internal Controls." This section mandates that management attest to the effectiveness of our company's "internal control" structure and procedures for financial reporting. Internal control is an extremely broad term, but I translated this section to mean that the CEO will expect my group to have sufficient controls in place to ensure the confidentiality, integrity and availability of financial and other critical information. So I came up with an initial plan to ensure compliance.
Sarbanes-Oxley (SOX) Impact on Security In Software
The following chart is an example of a security assessment matrix that may be used to evaluate the security impact of various regulations on software development projects. This is just an example for use in the case of Sarbanes-Oxley. Most of the countermeasures are commonly known. By using this matrix approach, it is possible to get a rough understanding of possible requirements to expect from customers/end users.
The Wireless LAN and Sarbanes-Oxley Compliance
Wireless networks are of particular concern to SOX compliance because they are leaky and easily breached unless adequate defenses are in place. This white paper addresses: the components of SOX that are most relevant to the corporation that deploys wireless technologies, how the WLAN is vulnerable, a comprehensive approach to WLAN security, and how AirMagnet's intrusion prevention technology can play an important role in ensuring your corporation's SOX compliance.
Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge
The bulk of financial information in many companies is created, stored and transmitted electronically. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately accountable for SOX compliance are the corporate CEO and CFO. Learn the important issues your IT staff must consider when building a Sarbanes-Oxley compliant infrastructure.