Sarbanes-Oxley Act - Key Information
The following links pertain to the Sarbanes-Oxley Act of 2002 based on research. I updated an older posting with more current links, as I'll need this for a key project at work next week. These links provide information on SOX regulations and its impact on IT and security reporting concerns.
The Sarbanes-Oxley Act was signed into law on 30th July 2002, and introduced highly significant legislative changes to financial practice and corporate governance regulation. It introduced stringent new rules with the stated objective: "to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws".
Sarbanes-Oxley Act - General Information
Sarbanes-Oxley - Key Links
Sarbanes-Oxley - Free Forums
Sarbanes-Oxley - Full Text of Law
Sarbanes-Oxley - AICPA links & Summary
Sarbanes-Oxley - Key Compliance Sections
Information Technology - Critical Success Factors
Using IT successfully to comply with Section 404 means integrating IT into your Sarbanes-Oxley program by:
1. Making IT an active participant in the company's program management office for Sarbanes-Oxley compliance;
2. Organizing IT resources and establishing an IT internal control program;
3. Providing IT representation on the steering committee;
4. Identifying, documenting and evaluating IT-related COSO requirements, IT processes and application controls;
5. Application Controls: data validation, e-checks and output reconciliations, segregation of duties, protection of sensitive data;
6. General Application Controls: application development, testing, change control, database management, and application level security;
7. General Computer Controls: hardware/software configuration and management, performance and capacity management, security, data center operations, database administration;
8. Employing Best Practices: tools, approaches and internal control specialists as required.
SOX Information Technology - Key Links