As previous chapters have demonstrated, the world of Sarbanes-Oxley (SOx) is filled with a stream of acronyms, such as AS5, CobiT (Control Objectives for Information Technology), COSO (Committee of Sponsoring Organizations), and the PCAOB (Public Company Accounting Oversight Board). They have all become sort of shorthand that allows professionals to identify and describe some of the key processes that support enterprise SOx compliance. ITIL (Information Technology Infrastructure Library), introduced in Chapter 1, is yet another acronym that soon should become much more familiar to enterprises seeking SOx internal control compliance over their information technology (IT) infrastructure operations. ITIL describes recommended best practices for IT service support and service delivery processes, such as how to investigate and solve reported problems called into the operations help desk. These are the best practices and processes that are necessary for IT to process its applications in an efficient and well-controlled environment.

ITIL best practices were first developed in the 1980s by the British government's Office of Government Commerce (OGC)—formerly called the Central Computer and Telecommunications Agency. ITIL is a vendor/supplier-independent collection of best practices that have become widely observed in the IT service industry, first in the United Kingdom, then in the European Union (EU), next in Canada and Australia, ...