IT Control Objectives for Sarbanes-Oxley. Presented by Doug Moore, Jefferson Wells International and Christine Chaney, Continental Airlines. Managing Risk .
Presented by Doug Moore, Jefferson Wells International and Christine Chaney, Continental Airlines
“…many of the IT professionals being held accountable for the quality and integrity of information generated by their IT systems are not well versed in the intricacies of internal control. This is not to suggest that risk is not being managed by IT, but rather that it may not be formalized or structured in a way required by an organization’s management or its auditors.”
The PCAOB has indicated that an ineffective control environment should be regarded as at least a significant deficiency and as a strong indicator that a material weakness in internal control over financial reporting exists
Monitoring and reporting are required to ensure that IT is aligned with business requirements.
Computer operations should include controls over:
Overall goal of access controls are to prevent “the unauthorized use of, and changes to, the system, and entity protects it data and program integrity.”