it control objectives for sarbanes oxley n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
IT Control Objectives for Sarbanes-Oxley PowerPoint Presentation
Download Presentation
IT Control Objectives for Sarbanes-Oxley

Loading in 2 Seconds...

play fullscreen
1 / 12

IT Control Objectives for Sarbanes-Oxley - PowerPoint PPT Presentation


  • 383 Views
  • Uploaded on

IT Control Objectives for Sarbanes-Oxley. Presented by Doug Moore, Jefferson Wells International and Christine Chaney, Continental Airlines. Managing Risk .

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'IT Control Objectives for Sarbanes-Oxley' - benjamin


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
it control objectives for sarbanes oxley

IT Control Objectives for Sarbanes-Oxley

Presented by Doug Moore, Jefferson Wells International and Christine Chaney, Continental Airlines

managing risk
Managing Risk

“…many of the IT professionals being held accountable for the quality and integrity of information generated by their IT systems are not well versed in the intricacies of internal control. This is not to suggest that risk is not being managed by IT, but rather that it may not be formalized or structured in a way required by an organization’s management or its auditors.”

it key areas of responsibility
IT Key Areas of Responsibility
  • Understanding the organization’s internal control program and financial reporting process
  • Mapping the IT systems that support internal control and the financial reporting process to the financial statements
  • Identifying risks related to these systems
  • Designing and implementing controls designed to mitigate the identified risks and monitoring them for continued effectiveness
  • Documenting and testing IT controls
it key areas of responsibility1
IT Key Areas of Responsibility
  • Ensuring that IT controls are updated and changed, as necessary, to correspond with changes in internal control or financial reporting process
  • Monitoring IT controls for effective operation over time
  • Participation by IT in the Sarbanes-Oxley project management office
itgi control objectives
ITGI Control Objectives
  • IT Control Environment
  • Computer Operations
  • Access to Programs and Data
  • Program Development and Program Change
it control environment
IT Control Environment

The PCAOB has indicated that an ineffective control environment should be regarded as at least a significant deficiency and as a strong indicator that a material weakness in internal control over financial reporting exists

what is the it control environment
What is the IT Control Environment?
  • IT Governance Process
    • IS Strategic Plan
    • IT risk management process
    • Compliance and Regulatory management
    • IT policies, procedures and standards

Monitoring and reporting are required to ensure that IT is aligned with business requirements.

computer operations
Computer Operations

Computer operations should include controls over:

  • Effective acquisition
  • Implementation
  • Configuration and maintenance
  • Ongoing controls over operation address the day-to-day delivery of information services, service level mgt., management of third-party services, etc.
access to programs and data
Access to Programs and Data

Overall goal of access controls are to prevent “the unauthorized use of, and changes to, the system, and entity protects it data and program integrity.”

program development and program change
Program Development and Program Change
  • What are the acquisition and implementation risks of new applications and/or systems?
  • What are the risks of not having a good change management program?
multi location considerations
Multi-location Considerations
  • Significant business units
  • Potential financial materiality and significant risk considerations, quantitative and qualitative and both aspects provide focus