An updated edition of the globally demanded IT Control Objectives for Sarbanes-Oxley was released today by the non-profit, independent IT Governance Institute (ITGI) and is available as a complimentary download at www.itgi.org.
The first edition of the guidance, published in 2004, has been downloaded more than a quarter of a million times.
Companies around the world have used it as a tool for evaluating information technology (IT) controls in support of Sarbanes-Oxley compliance and other global financial reporting requirements.
Experts from many organisations and issuers, including the top 10 accounting and professional firms, provided input and direction for the publication. The document underwent a 60-day exposure process, and was enhanced based on comments received from more than 100 respondents.
The second edition incorporates many of the lessons learned regarding financial reporting and IT controls since the first edition of the publication was issued - most significantly, the need to take a top-down, risk-based approach in Sarbanes-Oxley compliance programmes to ensure sufficient attention is given to high-risk areas. Additional enhancements include:
* A stronger focus on scoping and risk assessment.
* Specific guidance on prioritising and defining relevant controls.
* Details on identifying and addressing application controls and providing a business case for using them.
* A simplified readiness road map.
* A cross-reference to COBIT 4.0 processes.
* Insights into cultural and people management issues to highlight the human factors that need to be considered when complying with Sarbanes-Oxley.
"Many companies have gone through their first two Sarbanes-Oxley cycles and are looking for guidance on improving IT controls, reducing risks and improving value. We are also noticing an increase in international registrants who are starting to address Sarbanes-Oxley and similar legislation worldwide, and require guidance," said Ken Vander Wal, CISA, CPA, one of the publication's developers. "This publication helps executives and professionals assess the current state of their IT control environment, design controls to meet the Act's directives and execute a testing strategy for compliance."
Print copies of the publication are available for purchase from www.isaca.org/bookstore.
The IT Governance Institute (ITGI) (www.itgi.org) was established by ISACA in 1998 to advance international thinking and standards in directing and controlling an enterprise's information technology. ITGI developed Control Objectives for Information and related Technology (COBIT), now in its fourth edition, and offers original research and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities.
Share
Editorial contacts