3.8. APPENDIX 3A Sarbanes-Oxley Compliance Road Map

  1. Plan and Scope: Gain an understanding of how the financial reporting process works and identify where technology is critical in the support of this process; key systems, subsystems.

  2. Perform Risk Assessment: Performed for systems supporting the financial reporting process—for example, quality and integrity of information managed by IT systems, access controls, authorizations, availability and timeliness of information, recoverability controls, and so on. Assessing the probability and impact of possible failures at various locations, within business units, and so on, is critical.

  3. Identify Significant Controls: Identify significant accounts and relevant application controls. Application controls are business processes designed within an application to prevent or detect unauthorized transactions, ensuring the completeness, accuracy, authorization, and validity of transaction processing. Companies should assess the controls that support the quality and integrity of information.

  4. Document Controls: Documentation is a unique aspect of the Sarbanes-Oxley compliance process and for many companies will present significant challenges. A company should document its approach to IT control, encompassing the assignment of authority and responsibility for IT controls as well as their design and operation.

  5. Evaluate Control Design: Evaluate the ability of the company's ...

Get IT Portfolio Management Step-by-Step: Unlocking the Business Value of Technology now with the O’Reilly learning platform.