IT Compliance and Governance for Sarbanes-Oxley and Other Regulations
Publication
MAP-59 - New Book -
October 2006
Javier F. Kuong
ISBN: 0-940706-69-5
ISBN13: 978-0-940706-69-9
In today's highly competitive and complex business environment, most key business processes required to operate modern business activities rely on information technology to be viable. This applies in varying degrees to all kinds of business organizations, whether publicly owned or private and whether large, medium or small in size. It is simply not economically feasible to function without an enabling information technology (IT) infrastructure.
Two major factors are present in running today's businesses:

1. Organizations have a dire need to run their business activities and operations in the most cost-effective manner.
2. Organizations are increasingly subject to regulatory laws and mandates to preserve the integrity of financial reporting and protect the interests and the privacy of stakeholders and customers.
The first consideration relates to maximizing the ROI on the business investment in IT. The second one is related to protecting the organization from the so-called regulatory risk, to avoid the potential for regulatory agency penalties, liability to senior officers, and potential legal action from stakeholders.
By this time, virtually all officers and employees of companies are aware of the implications of the Sarbanes-Oxley Act of 2002, which mandated that publicly owned companies have a robust system of internal control to support financial integrity and reporting. This law actually makes key senior officers, the CEO, the CFO and Board members directly liable for unsound financial reporting and lack of transparency on any activities that can impact stockholders and employees.
CONTENTS

1.1 The IT Infrastructure Is Vital to Support
1.2 Laws and Regulations Make It Mandatory for IT to Have a Sound Internal Control Infrastructure
1.3 The Advent of Sarbanes-Oxley Places Particular Demands on CIOs and IT Professionals to Comply with Regulations
1.4 The Importance of Adopting an Internal Control Framework
1.5 Complying with Regulatory Laws and Mandates Is Not Negotiable
1.6 Establishing Sound IT Governance Is Vital to Facilitating
1.7 The Smart Executive Must Support Governance Programs that Incorporate and Support Compliance Obligations
1.8 With Regulations that Include Hefty Penalties for Non-compliance It Is No Longer IT Business as Usual

2. INTERNAL CONTROL FRAMEWORKS AND IT
2.1 The Current Regulatory Environment in Which Publicly Owned Enterprises Must Function
2.2 Background on the Sarbanes-Oxley Act of 2002
2.3 Key Sarbanes-Oxley Sections that Impact the Need for Robust Internal Control and Compliance
2.4 The COSO Internal Control Framework
2.3 There Are Several Frameworks for Internal Control
2.2 Considerations in Adopting a Framework to Control IT
2.3 No Single Framework Is Fully Adequate to Govern IT
2.4 Limitations of the Most Commonly Known Frameworks
2.5 Distinction Between Frameworks and IT Standards
2.6 Start by Adopting One IT Control Framework
2.7 Building Upon the Initial Framework and Moving to Full Governance
2.8 Importance of Relating the IT Compliance Program to the

3. PRINCIPLES OF GOVERNANCE APPLIED TO IT
3.1 What Is Governance?
3.2 Corporate or
3.3 IT Governance
3.4 IT Internal Controls in Three Major Segments
3.5 Critical Business Processes
3.6 The People Controls Segment
3.7 Controlling the Technology Infrastructure: The Third Key Segment
3.8 Relationship Between Compliance and IT Governance

4. THE MOST COMMONLY USED CONTROL FRAMEWORKS AND STANDARDS
4.1 The Most Commonly Used Frameworks and Standards
4.2 The COSO Internal Control Framework
4.3 The CObIT Control Framework for IT
4.4 The ITIL IT Governance Standard
4.5 What Is the Difference Between CObIT and ITIL?
4.6 Other Standards and Guidelines
4.7 The ISO 17799 Standard
4.7 Conclusion

5. AN ACTION PLAN TO DEVELOP AND DEPLOY AN IT COMPLIANCE AND GOVERNANCE PROGRAM
5.1 The Need for a Detailed Plan to Make IT Governance a Reality
5.2 Key Success Factors for a Successful IT Governance Program
5.3 Key Phases in Making IT Governance a Reality
5.4 Action Plan Components
5.5 Phase 1. Initiation, Management Involvement and Program Definition
5.6 Phase 2. Organizing for IT Governance Options
5.7 Phase 3. Defining Objectives and Scope
5.8 Phase 4. Developing IT Governance Components
5.9 Phase 5. Deploying the IT Governance Program
5.10 Phase 6. Operating the IT Governance Program
5.11 Phase 7. Evolving, Improving and Maintaining the IT Governance Program
5.12 Summary of IT Governance and Control

APPENDIX
A. Literature Sources
B. Glossary of Terms
C. Index
Book Order Form
MANAGEMENT ADVISORY SERVICES & PUBLICATIONS
Fax: 781-235-5446
Email: Orders@masp.com
Web site: www.masp.com

Send ___ copies of IT Compliance and Governance for Sarbanes-Oxley and Other Regulations (MAP-57), ISBN 0-940706-69-5.
Name, Title, Company, Div/Dept., Address, City, ST, ZIP, Tel, Fax, Email.
Payment of $150 per copy is enclosed (add $10 for US and $35 for overseas airmail). A ten percent discount applies to orders of 3 or more copies.
Discounts are available for multiple copy purchase. Inquire at orders@masp.com.
A NEW SEMINAR ON "HOW TO DEVELOP AN I.T. COMPLIANCE AND GOVERNANCE PROGRAM FOR SARBANES-OXLEY AND OTHER MANDATES" IS NOW AVAILABLE. Inquire at 781-235-2895 or email: seminars@masp.com