Summary of IT Controls Part I: Sarbanes-Oxley and IT Governance
Summary
This chapter examined some of the internal control and audit issues that have arisen out of Sections 302 and 404 of SOX. It began with a review of management and auditor responsibilities under SOX. Then we examined the COSO control framework that the PCAOB and the SEC recommend. That section concluded with a discussion of computer fraud issues. Next, the chapter presented exposures that arise in connection with organizational structure; in these areas, exposures are controlled through organizational separation of incompatible duties. The chapter then turned to a review of computer center threats and controls, which include protecting the computer center from damage and destruction caused by natural disasters, fire, temperature, and humidity. The chapter then presented the key elements of a disaster recovery plan (DRP). Several factors need to be considered in such a plan, including providing second-site backup, identifying critical applications, performing backup and off-site storage procedures, creating a disaster recovery team, and testing the DRP. The final section of the chapter examined issues surrounding the growing trend toward IT outsourcing. In particular, it reviewed the logic underlying outsourcing and its expected benefits. IT outsourcing is also associated with significant risks, which were addressed. The chapter concluded with a discussion of audit issues in an outsourcing environment.