Big4Guy

Welcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, and security and controls in SAP R/3, Oracle Applications, J.D. Edwards, PeopleSoft and various other ERPs. You will also find information on the latest compliance regulations like Sarbanes Oxley, Basel II and so on. Big4Guy will also attempt to provide valuable resources for individuals interested in examinations such as the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry into any Big 4 accounting, auditing and consulting firm. You are invited to post your comments and viewpoints on the posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.

Post details: Sarbanes Oxley Basics - Four Steps in Designing Internal Controls

12/21/05

10:50:07 pm, Categories: Term of the Day

Designing internal controls is a step-by-step process. Once it is correctly understood, one can easily design internal controls for any process, irrespective of the company. Today I am briefly discussing the steps for designing efficient and effective internal controls. The steps below are intended only to give an overview. I will discuss the entire internal control design process in detail later on.

Four Steps in Designing Effective Internal Controls

Understand the Risk - The first step in designing internal controls is to understand the risk that you are trying to mitigate. Without a clear understanding of the risk, it's unlikely that you will be able to design good internal controls.

Identify Control Activity - Once you have identified the risk, identify the control activity which would reduce the identified risk to an acceptable level.

Benefit Vs. Costs - In any controls design process it is very important to compare the cost of controls with the benefits to be derived. Controls no doubt have a cost; however, the cost of controls should not outweigh the benefits. There is no point protecting an asset worth a couple of hundred dollars with a biometric control costing thousands.

Establish Internal Control - Having accomplished the above three steps, the last step is establishing the identified activity as an internal control.

Comments:

Comment from: Thomas Neudenberger [Visitor]
Benefit Vs. Costs:
You correctly say that there is no point in protecting something worth 100 bucks with biometrics that will cost a few thousand. I would like to point out that most data probably have a much higher “damage price tag” than people might think! Encentuate stated in 2003 that the average damage caused by a disgruntled employee is $2.7 million. The damage could include anything from stealing, selling and deleting data to bad press, image loss (resulting in a stock value decline) and multimillion-dollar lawsuits. The first InformationWeek magazine this year had on the front page a guy writing over and over “I will protect personal data”. The article included 6 major companies that had significant breaches in the previous month, and general damages for businesses were conservatively estimated at $48 billion…

An alternative approach would be not to choose to protect “a certain risk”, but certain user profiles with access to high-risk data. Choose the people or departments with the most critical access (Finance, HR, Administration, Top Management, etc.) and protect their access. Once their access is protected with biometrics or alternative solutions (see www.singlgesignon.us for why biometrics is recommended), the risk of financial damage will be significantly reduced.
Permalink 02/02/06 @ 08:33
