|
The Sarbanes Oxley Act (SOX) created a heightened awareness of the importance of Internal Controls although they were always necessary for successful systems operations. Understanding and implementing effective controls were key components of effective system implementation long before SOX became law.
CTCG focuses particularly on the convergence of Accounting Controls and IT Controls. COSO, the standard adopted by Sarbanes Oxley, classifies IT Controls in two categories: General IT Controls and Applications Controls. Information systems auditors further subdivide these categories as follows:
General IT Controls:
- IT Management
- Acquisition and Development of Application Software
- Acquisition of Infrastructure (Computer Hardware and Operating Software)
- IT Policies and Procedures
- Production Management
- Change Management
- Service Level Management
- Third-Party Services Management (if applicable)
- System Security
- Configuration Management
- Problem/Incident Management
- Data Management
- Computer Operations Management
Application Controls:
- Sales Cycle Controls
- Purchasing Cycle Controls
- Inventory Cycle Controls
- Asset Cycle Controls
- HR Cycle Controls
- General Accounting Systems Controls
This outline has become the standard for Sarbanes Oxley compliance.
We evaluate, design and implement IT Internal Controls that meet the requirements of the Sarbanes Oxley mandate and ensure a controlled computing environment.
|
