Wednesday, September 01, 2004

Sarbanes-Oxley spotlights need for controls in IT

Sarbanes-Oxley (SOX) mandates implementation and documentation of internal controls throughout public companies. The information systems function is not exempt from this requirement. Although internal controls in various departments are often automated by means of information systems, IT professionals are just now beginning to understand that the SOX requirement for internal controls also applies to the IT function itself.

Writing for Datamation, George Spafford has a good basic overview of the concept of "controls."

Spafford explains the difference between preventive, detective, and corrective controls, and why all three are needed in IT. He also discusses the need for both manual and automated controls, and he points out that controls must go beyond merely writing IT policies and procedures.

Related posts
Sarbanes-Oxley blamed for slowdown in new systems spending
Cost of compliance with Sarbanes-Oxley isn't mainly in new systems
In spite of relaxed deadline, Sarbanes-Oxley is giving urgency to some IT initiatives
Is Sarbanes-Oxley the new Y2K?

No comments: