SOX: IT Perspective




Neelabh Srivastava

Agenda

- Background
- Facts about the SOX Act
- Objective
- Section 404: Key Points
- A Burden or an Opportunity
- Challenges
- SOX Benefits
- SOX Compliance Frameworks
- FAQs
- Conclusion


2    Neelabh Srivastava                         September 2012

Background

- Two of the largest US companies went bankrupt.
- Other financial frauds followed.
- Investors lost money and faith in companies.
- Debacle in the stock market.
- The US government took action.
- The Sarbanes-Oxley Act was made law.





Facts about the SOX Act

- The Act was passed on 30 July, 2002.
- Named after its architects, US Senator Paul Sarbanes and US Representative Michael Oxley.
- Also known as SOA (Sarbanes-Oxley Act).
- Applies to publicly traded companies in the US.
- The Act consists of 11 sections.
- Known as one of the worst tech-related bills of all time.


Objective

- Fundamentally, Sarbanes-Oxley (SOX) requires that financial reports are based on accurate information and that the processes by which this information is collected are themselves accurate and controlled.
- Rebuilding public trust.





Section 404: Key Points

- Refers to “Management Assessment of Internal Controls”.
- With only 180 words, this section has created a furor in various departments, including IT.
- As IT controls financial processing and reporting, it falls within the ambit of SOX.
- Effectively it is a forced implementation of best practices.
- Section 404 is the most contentious part of SOX.



A Burden or an Opportunity

It’s a matter of perspective.
The classic example of “glass half empty or half full”.



Challenges

- High compliance costs.
- Segregation of duties (too few people).
- Increase in project durations.
- High administrative workload.
- Increased workload on IT staff.





SOX Benefits

- Standardizing or eliminating variation in the computing environment.
- Automation of manual processes.
- Identification and addressing of risks in your environment.
- Improved efficiencies through consolidation.
- Reduced operating costs.
- Reduced incidents.
- Documentation for every process/operation.


SOX Compliance Frameworks

- COBIT (Control Objectives for Information and Related Technology)
- COSO (Committee of Sponsoring Organizations)
- ITIL (Information Technology Infrastructure Library)
- CoCo (Criteria of Control)
- Turnbull Framework
- King Framework

COSO is the most widely adopted framework in the US.


FAQ

1) How often do companies need to comply with SOX: annually or quarterly?

All publicly traded companies must comply with SOX both annually and quarterly. Section 404 is an annual evaluation of internal controls, which requires annual compliance, whereas other sections such as 302 and 906 are quarterly certification requirements.




FAQ

2) What does Section 404 mean from a practical perspective?

In practice it will depend on the external auditor to define which aspects of the overall operations they consider material, and then to what degree. This can be based on multiple criteria, including the auditor's own control objectives.





FAQ

3) If SOX is intended for financial reforms, then how does IT come into the picture?

The thing to remember about SOX is that it is primarily focused on the accuracy of financial reporting data. IT per se is important under SOX only to the extent that it enhances the reliability and integrity of that reporting, which of course can be achieved by having full controls over IT infrastructure, change management, IT security, etc.



FAQ

4) Should non-production systems such as Dev, QA, Test, etc. be in scope for SOX?

They might not be in the "direct" scope of SOX, but these environments certainly play a role in the change management process and other life cycles. Thus, they cannot be completely ignored.





FAQ

5) Is this ever going to finish?

Unfortunately no; there will be an ongoing need to update and validate the processes and supporting documentation.





Conclusion

The better reason to have good controls over IT and IT security, however, is not because it will make you SOX compliant but because it will make your business more efficient, enable you to better utilize your data, and allow you to trust ALL the data, not just financial reporting data.









 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

SOX- IT Perspective

  • 1. SOX: IT Perspective
    Neelabh Srivastava

  • 2. Agenda
     Background
     Facts about the SOX Act
     Objective
     Section 404: Key Points
     A Burden or an Opportunity
     Challenges
     SOX Benefits
     SOX Compliance Frameworks
     FAQs
     Conclusion
    Neelabh Srivastava, September 2012
  • 3. Background
     Two of the largest US companies go bankrupt.
     Other financial frauds follow.
     Investors lose money and faith in companies.
     Debacle in the stock market.
     The US government takes action.
     The Sarbanes-Oxley Act is made law.

  • 4. Facts about the SOX Act
     The Act was passed on 30 July 2002.
     Named after its architects, US Senator Paul Sarbanes and US Representative Michael Oxley.
     Also known as SOA (Sarbanes-Oxley Act).
     Applies to publicly traded companies in the US.
     The Act consists of 11 titles.
     Has been called one of the worst tech-related bills of all time.

  • 5. Objective
     Fundamentally, Sarbanes-Oxley (SOX) requires that financial reports are based on accurate information and that the processes by which this information is collected are themselves accurate and controlled.
     Rebuilding public trust.

  • 6. Section 404: Key Points
     Refers to “Management Assessment of Internal Controls”.
     With only about 180 words, this section has created a furor in various departments, including IT.
     Because IT systems process and report financial data, IT falls within the ambit of SOX.
     Effectively it is a forced implementation of best practices.
     Section 404 is the most contentious part of SOX.
  • 7. A Burden or an Opportunity?
    It is a matter of perspective: a classic example of “glass half empty or glass half full”.

  • 8. Challenges
     High compliance costs.
     Segregation of duties (too few people to separate conflicting roles).
     Increase in project durations.
     High administrative workload.
     Increased workload on IT staff.

  • 9. SOX Benefits
     Standardizing the computing environment and eliminating variation.
     Automation of manual processes.
     Identifying and addressing risks in your environment.
     Improved efficiency through consolidation.
     Reduced operating costs.
     Reduced incidents.
     Documentation for every process and operation.

  • 10. SOX Compliance Frameworks
     COBIT (Control Objectives for Information and Related Technology)
     COSO (Committee of Sponsoring Organizations)
     ITIL (Information Technology Infrastructure Library)
     CoCo (Criteria of Control)
     Turnbull Framework
     King Framework
    COSO is the most widely adopted framework in the US.
  • 11. FAQ 1: How often do companies need to comply with SOX, annually or quarterly?
    All publicly traded companies must comply with SOX both annually and quarterly. Section 404 requires an annual evaluation of internal controls, whereas other sections, such as 302 and 906, impose quarterly certification requirements.

  • 12. FAQ 2: What does Section 404 mean from a practical perspective?
    In practice it depends on the external auditor to define which aspects of the overall operations they consider material, and to what degree. This can be based on multiple criteria, including the auditor's own control objectives.

  • 13. FAQ 3: If SOX is intended as a financial reform, how does IT come into the picture?
    The thing to remember about SOX is that it is primarily focused on the accuracy of financial reporting data. IT per se is important under SOX only to the extent that it enhances the reliability and integrity of that reporting, which is achieved by having full controls over IT infrastructure, change management, IT security, etc.

  • 14. FAQ 4: Should non-production systems such as Dev, QA and Test be in scope for SOX?
    They might not be in the "direct" scope of SOX, but these environments certainly play a role in the change management process and other life cycles, so they cannot be completely ignored.
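The Challenges slide names segregation of duties as a pain point, and FAQs 3 and 4 say SOX cares about IT only through controls such as change management over the path into production. The check below is an added example, not code from the original presentation: it runs a hypothetical SoD matrix over a constructed role-assignment export and tests a constructed deployment log against change tickets (ticket present, approved, not self-approved, and not deployed by its own developer). Role names, ticket fields and the sample records are all assumptions for illustration.

```python
"""Segregation-of-duties (SoD) and change-control checks over constructed data.

Added example; not code from the original presentation. It assumes two
hypothetical inputs an IT auditor would export: role assignments per system
and a production deployment log cross-referenced with change tickets.
"""
from collections import defaultdict

# Hypothetical SoD matrix: role pairs one person must never hold together
# on the same system. Tailor this to your own financial systems.
SOD_CONFLICTS = [
    frozenset({"developer", "prod_deployer"}),
    frozenset({"change_requester", "change_approver"}),
    frozenset({"ap_invoice_entry", "ap_payment_release"}),
]

# Constructed role-assignment export: (user, role, system).
ROLE_ASSIGNMENTS = [
    ("alice", "developer", "erp"),
    ("alice", "prod_deployer", "erp"),       # alice builds and deploys
    ("bob", "change_requester", "erp"),
    ("bob", "change_approver", "erp"),       # bob can approve his own requests
    ("carol", "ap_invoice_entry", "erp"),
    ("dave", "ap_payment_release", "erp"),   # carol/dave split the AP roles
    ("erin", "developer", "erp"),
    ("frank", "prod_deployer", "erp"),
    ("frank", "change_approver", "erp"),     # not a conflicting pair
]

# Constructed change tickets and production deployment log.
CHANGE_TICKETS = {
    "CHG-1001": {"status": "approved", "requested_by": "erin", "approved_by": "frank"},
    "CHG-1002": {"status": "approved", "requested_by": "alice", "approved_by": "bob"},
    "CHG-1003": {"status": "open", "requested_by": "erin", "approved_by": None},
    "CHG-1004": {"status": "approved", "requested_by": "erin", "approved_by": "erin"},
}
DEPLOYMENTS = [
    {"id": "d1", "developed_by": "erin", "deployed_by": "frank", "change": "CHG-1001"},
    {"id": "d2", "developed_by": "alice", "deployed_by": "alice", "change": "CHG-1002"},
    {"id": "d3", "developed_by": "erin", "deployed_by": "frank", "change": None},
    {"id": "d4", "developed_by": "erin", "deployed_by": "frank", "change": "CHG-1003"},
    {"id": "d5", "developed_by": "erin", "deployed_by": "frank", "change": "CHG-1004"},
]


def roles_by_user(assignments):
    """Group the export into {(user, system): set(roles)}."""
    held = defaultdict(set)
    for user, role, system in assignments:
        held[(user, system)].add(role)
    return held


def sod_violations(assignments, conflicts=SOD_CONFLICTS):
    """Return (user, system, (role_a, role_b)) for every conflicting pair held."""
    findings = []
    for (user, system), roles in sorted(roles_by_user(assignments).items()):
        for pair in conflicts:
            if pair <= roles:
                findings.append((user, system, tuple(sorted(pair))))
    return findings


def change_control_findings(deployments, tickets):
    """Flag deployments lacking an approved, independently approved ticket,
    and deployments where the developer pushed their own change."""
    findings = []
    for dep in deployments:
        ticket = tickets.get(dep["change"]) if dep["change"] else None
        if ticket is None:
            findings.append((dep["id"], "no change ticket"))
        elif ticket["status"] != "approved":
            findings.append((dep["id"], f"ticket {dep['change']} not approved"))
        elif ticket["approved_by"] == ticket["requested_by"]:
            findings.append((dep["id"], f"ticket {dep['change']} self-approved"))
        if dep["deployed_by"] == dep["developed_by"]:
            findings.append((dep["id"], "developer deployed own change"))
    return findings


if __name__ == "__main__":
    for finding in sod_violations(ROLE_ASSIGNMENTS):
        print("SoD:", finding)
    for finding in change_control_findings(DEPLOYMENTS, CHANGE_TICKETS):
        print("Change control:", finding)
```

Run it as-is to see the findings on the constructed data; in practice the two lists would be fed from an identity-management export and the deployment tool's audit log, and the SoD matrix agreed with the auditors in advance. Note that the deployment check flags Dev-to-Prod promotions, which is exactly where the non-production environments of FAQ 4 enter the control's scope even though they are not financial systems themselves.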
  • 15. FAQ 5: Is this ever going to finish?
    Unfortunately no: there will be an ongoing need to update and validate the processes and supporting documentation.

  • 16. Conclusion
    The better reason to have good controls over IT and IT security is not that it will make you SOX compliant, but that it will make your business more efficient, enable you to make better use of your data, and allow you to trust ALL of the data, not just the financial reporting data.