IT Control Objectives for Sarbanes-Oxley. Presented by Doug Moore, Jefferson Wells International and Christine Chaney, Continental Airlines. Managing Risk .
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Presented by Doug Moore, Jefferson Wells International and Christine Chaney, Continental Airlines
“…many of the IT professionals being held accountable for the quality and integrity of information generated by their IT systems are not well versed in the intricacies of internal control. This is not to suggest that risk is not being managed by IT, but rather that it may not be formalized or structured in a way required by an organization’s management or its auditors.”
The PCAOB has indicated that an ineffective control environment should be regarded as at least a significant deficiency and as a strong indicator that a material weakness in internal control over financial reporting exists
Monitoring and reporting are required to ensure that IT is aligned with business requirements.
Computer operations should include controls over:
Overall goal of access controls are to prevent “the unauthorized use of, and changes to, the system, and entity protects it data and program integrity.”