SOX- IT Perspective


SOX from IT Perspective

Published in: Technology, Business

  1. SOX: IT Perspective, Neelabh Srivastava
  2. Agenda
     - Background
     - Facts about SOX Act
     - Objective
     - Section 404: Key Points
     - A Burden or Opportunity
     - Challenges
     - SOX Benefits
     - SOX Compliance Frameworks
     - FAQs
     - Conclusion

     Neelabh Srivastava, September 2012
  3. Background
     - Two largest US companies go bankrupt.
     - Other financial frauds follow.
     - Investors lose money and faith in companies.
     - Debacle in the stock market.
     - US government takes action.
     - The Sarbanes-Oxley Act is made law.
  4. Facts about SOX Act
     - The Act was passed on 30 July, 2002.
     - Named after its architects, US Senator Paul Sarbanes and US Representative Michael Oxley.
     - Also known as SOA (Sarbanes-Oxley Act).
     - Applies to publicly traded companies in the US.
     - The Act consists of 11 sections.
     - Known as one of the worst tech-related bills of all time.
  5. Objective
     - Fundamentally, Sarbanes-Oxley (SOX) requires that financial reports are based on accurate information and that the processes by which this information is collected are themselves accurate and controlled.
     - Rebuilding public trust.
  6. Section 404: Key Points
     - Refers to “Management assessment of Internal Controls”.
     - With only 180 words, this section has created a furor in various departments, including IT.
     - As IT controls financial processing and reporting, it falls within the SOX ambit.
     - Effectively, it is a forced implementation of best practices.
     - 404 is the most contentious part of SOX.
  7. A Burden or an Opportunity: It’s a matter of perspective. A classic example of “glass half empty or half full”.
  8. Challenges
     - High compliance costs.
     - Segregation of duties (too few people).
     - Increase in project durations.
     - High administrative work.
     - Increased workload on IT staff.
  9. SOX Benefits
     - Standardizing and eliminating variation in the computing environment.
     - Automation of manual processes.
     - Identifying and addressing risks in your environment.
     - Improved efficiencies through consolidation.
     - Reduced operating costs.
     - Reduced incidents.
     - Documentation for every process and operation.
  10. SOX Compliance Frameworks
     - COBIT (Control Objectives for Information and Related Technology)
     - COSO (Committee of Sponsoring Organizations)
     - ITIL (Information Technology Infrastructure Library)
     - COCO (Criteria of Control)
     - Turnbull Framework
     - King Framework

     COSO is the most widely adopted framework in the US.
  11. FAQ 1: How often do companies need to comply with SOX, annually or quarterly? All publicly traded companies must comply with SOX both annually and quarterly. Section 404 is an annual evaluation of internal controls, which requires annual compliance, whereas other sections like 302 and 906 are both quarterly certification requirements.
  12. FAQ 2: What does Section 404 mean from a practical perspective? In practice, it depends on the external auditor to define which aspects of the overall operations they feel are material, and to what degree. This can be based on multiple criteria, including their own control objectives.
  13. FAQ 3: If SOX is intended for financial reforms, then how does IT come into the picture? The thing to remember about SOX is that it is primarily focused on the accuracy of financial reporting data. IT per se is important under SOX only to the extent that it enhances the reliability and integrity of that reporting, which of course can be achieved by having full controls over IT infrastructure, change management, IT security, etc.
  14. FAQ 4: Should non-production systems such as Dev, QA, Test, etc. be in scope for SOX? They might not be in the "direct" scope of SOX, but these environments certainly play a role in the change management process and other life cycles. Thus, they cannot be completely ignored.
  15. FAQ 5: Is this ever going to finish? Unfortunately, no. There will be an ongoing need to update and validate the processes and supporting documentation.
  16. Conclusion: The better reason to have good controls over IT and IT security, however, is not because it will make you SOX compliant but because it will make your business more efficient, enable you to better utilize your data, and allow you to trust ALL the data, not just financial reporting data.