Understanding this course helps you get an idea of how the audit assessment is performed and where its focus lies. General controls make up a large percentage of the entire audit function and should be given adequate attention during the session.
SUMMARY: Introduction; What is SOX?; Legal requirements for IT compliance; Methods of compliance; Frameworks; How can SOX be helpful; Conclusions. www.techembro.com @ techembro
1. Introduction - Information Technology: an important part of today's businesses; responsible for key business activities; maintains a correct accounting mechanism.
ITGC
2. What is SOX?
GOALS - Why SOX?
Management rules
Security Controls: “The best plan of action for SOX compliance is to have the correct security controls in place to ensure that financial data is accurate and protected against loss.”
Data Protection and Compliance: Data classification enables security teams to more easily monitor and enforce corporate policies for data handling - depending on its class, data may need to be encrypted, compressed, or saved to a different file format.
Compliance and Audits: “Being in SOX compliance and complying with other regulatory standards is nearly impossible without the correct security solutions in place.”
3. Legal requirements for IT compliance
1. Section 302: Companies need to put in place systems that protect against data tampering, provide the ability to track timelines and can determine who had access to data and when.
- Data tampering: Organizations need to ensure that their access controls are managed appropriately; a robust access control process is required. Additionally, businesses must ensure that it is difficult for people to access data without proper credentials (complex passwords…). Another part of preventing data tampering is ensuring that records can be recovered if they are lost.
- Timeline tracking: Section 302 compliance requires that companies keep track of when changes were made to data. In addition to knowing when a file was last modified, companies may also need to keep a log of when changes were made, what the changes were and who made them.
- Ensuring safeguards are active and reporting on their effectiveness: Senior management is required to verify the effectiveness and functionality of safeguards and security systems in the 90 days prior to a financial report being made.
2. Section 404:
- Section 404 requirements are often met by using a remote, web-based system that gives outside parties access so that they can verify that the structures and processes in place are appropriate and sufficient to meet Section 302 requirements.
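As an added illustration of the Section 302 points above (this code is not from the original slides), a hash-chained change log in Python records who changed which record, when, and from which value to which, and detects any after-the-fact edit of a stored entry; the record ids, actors and timestamps are constructed sample values.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class LogEntry:
    seq: int
    timestamp: str          # ISO-8601, supplied by the caller
    actor: str              # who made the change
    record: str             # which record was touched
    before: Optional[str]   # value before the change
    after: Optional[str]    # value after the change
    prev_hash: str          # hash of the previous entry (chain link)
    entry_hash: str = ""    # SHA-256 over all other fields


def _digest(entry: LogEntry) -> str:
    body = {k: v for k, v in entry.__dict__.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ChangeLog:
    GENESIS = "0" * 64  # prev_hash of the first entry

    def __init__(self) -> None:
        self.entries: List[LogEntry] = []

    def append(self, timestamp: str, actor: str, record: str,
               before: Optional[str], after: Optional[str]) -> LogEntry:
        prev = self.entries[-1].entry_hash if self.entries else self.GENESIS
        e = LogEntry(len(self.entries), timestamp, actor, record, before, after, prev)
        e.entry_hash = _digest(e)
        self.entries.append(e)
        return e

    def verify(self) -> Optional[int]:
        """Return the seq of the first broken entry, or None if the chain is intact."""
        prev = self.GENESIS
        for e in self.entries:
            if e.prev_hash != prev or _digest(e) != e.entry_hash:
                return e.seq
            prev = e.entry_hash
        return None

    def history(self, record: str) -> List[Tuple[str, str, Optional[str], Optional[str]]]:
        """Timeline for one record: (when, who, before, after)."""
        return [(e.timestamp, e.actor, e.before, e.after)
                for e in self.entries if e.record == record]


def demo() -> Tuple[bool, Optional[int]]:
    log = ChangeLog()  # constructed sample entries follow
    log.append("2020-03-31T09:00:00Z", "jdoe", "GL-4010", "12500.00", "12800.00")
    log.append("2020-03-31T09:05:00Z", "asmith", "GL-4010", "12800.00", "11800.00")
    intact_before = log.verify() is None
    log.entries[1].after = "12800.00"  # an edit to a stored entry bypassing append()
    return intact_before, log.verify()  # -> (True, 1): entry 1 no longer matches its hash
```

Because each entry commits to the previous one, editing or deleting an earlier entry also breaks every later link, so `verify()` pinpoints the first entry an auditor can no longer trust.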
3. Section 409:
- Deliver timely disclosure: SOX compliance mandates the timely disclosure of any information that could affect a public company's financial performance.
4. Section 802:
- Ensure records retention: The IT team's role in SOX compliance is to preserve records (IMs, recorded calls discussing money, financial transactions…) with internal automated backup processes and to ensure the proper functioning of document management systems.
4. Methods of Compliance
- There is no one-size-fits-all approach to complying with SOX requirements.
- It may be best for businesses to start handling some tasks manually until it is determined whether they are actually effective.
- The initial costs of compliance can be high.
- The first step for companies is to do an audit.
- It is important that organizations verify that systems work as intended after changes are made, and that existing processes are still running correctly.
Third party and SOX: Complying with SOX does not rule out having a third party handle IT issues for an organization, but any failure of a third party to comply with standards set out by SOX will still be considered the fault and responsibility of the organization. When a company uses a third party to handle its IT services, it will still need to verify that the provider is in compliance with SOX regulations, either through an assurance report or by having the testing done by an outside consultant.
5. Frameworks
COSO and COBIT
- Help organizations determine how to manage and run business processes.
- Most companies end up using only COBIT or a combination of COSO and COBIT.
- COSO has the advantage of being a very robust framework for enterprise governance and risk management. However, COSO falls short in terms of IT planning.
- COBIT complements COSO, as it provides the IT considerations lacking in COSO; the two frameworks are so complementary that COBIT documentation refers to COSO.
PCAOB
- Created to develop auditing standards and train auditors on the best practices for assessing a company's internal controls.
- It is here that the specific SOX requirements for information security are spelled out.
- PCAOB publishes periodic recommendations and changes to the auditing process.
ITGI
- Dedicated to helping businesses meet their objectives without compromising information security.
- ITGI has independently published its own framework for SOX compliance, using both COBIT and COSO as guides.
- Unlike COBIT, the ITGI framework deals only with security issues.
There are many frameworks and structures that could be followed or adopted by organizations; the choice depends solely on the business area, its specific interests and a cost-efficient approach to selection.
6. How can SOX be helpful?
1. Risk Triage: Complying with SOX benefits companies as it gives them a starting point for asset analysis. ISACA states that the most appropriate way to define the right scope and extent of testing for each SOX in-scope system is to perform a risk assessment specific to SOX's requirements and ITGC. These focused risk assessments allow you to understand the entire landscape of the organisation's controls.
2. Control Structure Strengthening: SOX is helpful in the context of control structure, as SOX compliance includes better control awareness. SOX assessments also involve additional scrutiny to ensure that financial reporting activities are well executed and well controlled. SOX compliance tackles, at an early stage, problems that may occur as a company matures.
3. Better Audits: More effective and efficient operations under SOX lead to better audit outcomes. With better internal audit outcomes, external auditors have a more efficient process. A more efficient process for the external auditor lowers overall audit costs and the cost of employee time spent responding to external audit report results.
4. Efficient Financial Reporting: The main goal of SOX was to provide transparency in financial reporting. Complying with SOX in financial reporting allows for more efficient reporting, and makes reporting easier as the organisation matures. More accurate financial reporting results in less time spent correcting mistakes.
5. Peak Operational Performance Early On: Early SOX compliance benefits companies by instilling a sense of internal control. By requiring organisations to initiate controls at an early stage, SOX compliance benefits companies by requiring them to assess their starting points and their risk. Steve Guarini states a number of benefits of complying with SOX, among which is ‘utilising a top-down approach to drive efficiency and effectiveness’.
6. Team Collaboration and Building Working Relationships: SOX compliance requires deeper and more frequent collaboration among internal stakeholders. SOX provides the backdrop for building stronger working relationships among teams (e.g. internal auditors and those who oversee SOX assessments).
7. Conclusions
Although there is a rise in the application of SOX by companies, and there can be an additional cost involved in doing so, studies from renowned firms clearly indicate that SOX application has led to an improvement in the performance of firms. One of the recent studies, done by techembro in 2020 under the heading “Understanding the Costs and Benefits of SOX Compliance”, showed that companies are spending more time and money but continue to improve their internal costs and business processes.