Big4Guy

Welcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERPs. You will also find information on the latest compliance regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations such as the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry into any Big 4 accounting, auditing and consulting firm. You are invited to post your comments and viewpoints to posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.
COBIT is a framework which provides broad guidance for IT controls evaluation. As such, COBIT takes into account much more than just the IT controls surrounding financial reporting. Many organizations ask whether COBIT can be used for Section 404 SOX compliance. The answer is yes: COBIT can be used for IT controls; however, the IT control objectives specified in COBIT need to be tailored to suit the requirements of the organization.

Even if a company were to make the effort to base its documentation on COBIT, it would have to filter for the control objectives applicable to Sarbanes Oxley compliance. Only control objectives relevant to the financial reporting process need to be addressed as part of 404. A lot also depends upon the IT environment in the organization and the applications underlying it. Testing of operating effectiveness is only required for applications and IT processes which directly relate to financial reporting.

Some important points to keep in mind before using COBIT for Section 404 are:
1. The focus should be on the IT application and data owner processes that support the application.
2. COBIT should be tailored based on the specific needs of the organization.
3. The approach should stress only those applications linked to the financial reporting (FR) process.