SOX Compliance Made Simple
SOX Compliance
DON'T FIGHT WHAT CAN HELP YOU
BY AMARNATH GUPTA
Amarnath Gupta
• 11 years' experience working in Systems & Operations in various roles.
• 4 years focusing on SOX-related tasks.
• Amarnath is not an attorney or an auditor.
• Has delivered 300+ hours of training on various IT and IT-related methodologies.
What is SOX?
• SOX (the Sarbanes-Oxley Act of 2002) provides the foundation for corporate governance rules, regulations and standards issued by the Securities and Exchange Commission. It covers a range of topics from criminal penalties to corporate board responsibilities, including independent auditing requirements, corporate governance, internal control assessment and enhanced financial disclosure.
• CEOs and CFOs of publicly traded companies are held personally accountable (Sections 302 and 404) for the quality of the internal controls that enable accurate financial reporting, and those controls include the IT processes, systems and roles that the financial systems depend on.
Penalties
• Section 802(a) of SOX (codified at 18 U.S.C. § 1519) states: "Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both."
• For IT this is the clause behind record and log retention: system logs, e-mail and configuration history are "records", and altering or destroying them with intent to impede an investigation is itself the offence, whatever the records contain.
What prompted SOX?
Sarbanes-Oxley was passed in 2002 in the wake of a number of notable corporate accounting scandals, including Enron and WorldCom.
SOX on the horizon?
• The primary thing to remember is that SOX is about mitigating the risk of fraud through financial transparency and process control. It will change how you do things, but that does not have to be a bad thing.
A hint on policies
• Bear in mind that auditors will hold you to the letter of every policy your company writes in the name of SOX, even where the policy exceeds what the law requires. Keep this in mind when drafting policies: do not commit to a control you cannot actually operate and evidence.
• Policies should ensure that corporate behavior is consistent, controlled and provable.
A word on frameworks
There are many frameworks out there to assist you with SOX compliance; in practice most programs pair COSO for the overall internal-control framework with COBIT for the IT general controls that support it. The key is to find a framework that works for your team, commit to it, train on it, and use it to your best possible advantage.
Examples of COBIT Controls
• Network Security – firewalls and secure network configuration, including wireless (IEEE 802.11) networks.
• Virus Protection – anti-virus and anti-spyware, updated regularly.
• Backups & Restore – regularly tested restore procedures, not merely scheduled backups.
• IT Continuity – disaster recovery procedures.
• File Access Privilege Controls – who can read or modify the files and databases behind the financial statements.
• Identity Management – password strength and age, and access: who has access, and is that access still appropriate now?
• Risk Evaluation Programs – risk assessment and internal auditing.
• Employee IT Security Training – training end users on acceptable use of resources.
• Management support/buy-in – executive-level oversight of IT-related projects.
• IT as part of strategic planning – the business must be supported by its technologies.
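The identity-management and file-access controls above come down to a question that has to be asked and answered on a schedule: who has access, and is it still appropriate? The following is an added example, not code from the deck, of a periodic user access review in Python. It compares enabled accounts against the HR roster, checks that privileged roles trace back to an approval record, and checks password age and dormancy against policy thresholds. The account records, employee IDs, role names, ticket references and the 90-day thresholds are all constructed for illustration; in practice the inputs come from your identity-provider export and your own policy values.

```python
"""
Periodic user access review: the "who has access, and is it still appropriate?"
question from the identity-management control, turned into a repeatable check
whose output is the review evidence. Added example; the account records, HR
roster, policy thresholds and field names are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Policy thresholds (assumed values; take them from your own policy document).
MAX_PASSWORD_AGE_DAYS = 90
MAX_INACTIVITY_DAYS = 90
PRIVILEGED_ROLES = {"domain_admin", "db_admin", "gl_posting"}


@dataclass(frozen=True)
class Account:
    username: str
    owner_employee_id: str
    enabled: bool
    roles: frozenset
    password_set: date
    last_login: Optional[date]
    access_approval_ticket: Optional[str]  # reference to the approved access request


@dataclass
class Finding:
    username: str
    issue: str


def review_access(accounts: List[Account],
                  active_employee_ids: set,
                  as_of: date) -> List[Finding]:
    """Return one Finding per control exception, in a stable (username) order."""
    findings: List[Finding] = []
    for acct in sorted(accounts, key=lambda a: a.username):
        if not acct.enabled:
            continue  # disabled accounts are out of scope for this review
        # 1. Leavers: account is enabled but its owner is not an active employee.
        if acct.owner_employee_id not in active_employee_ids:
            findings.append(Finding(acct.username, "enabled account for non-active employee"))
        # 2. Privileged access must trace back to an approved request.
        privileged = acct.roles & PRIVILEGED_ROLES
        if privileged and not acct.access_approval_ticket:
            findings.append(Finding(acct.username,
                                    f"privileged roles {sorted(privileged)} without approval record"))
        # 3. Password age against policy.
        if (as_of - acct.password_set).days > MAX_PASSWORD_AGE_DAYS:
            findings.append(Finding(acct.username, "password older than policy maximum"))
        # 4. Dormant accounts: never logged in, or not within the inactivity window.
        if acct.last_login is None or (as_of - acct.last_login).days > MAX_INACTIVITY_DAYS:
            findings.append(Finding(acct.username, "no login within inactivity window"))
    return findings


# Constructed sample data: one identity export and the HR list of active employees.
AS_OF = date(2024, 3, 31)
ACTIVE_EMPLOYEES = {"E100", "E101", "E102"}
SAMPLE_ACCOUNTS = [
    Account("alice", "E100", True, frozenset({"gl_posting"}), date(2024, 2, 1), date(2024, 3, 30), "CHG-2041"),
    Account("bob", "E101", True, frozenset({"domain_admin"}), date(2023, 11, 1), date(2024, 3, 29), None),
    Account("carol", "E999", True, frozenset(), date(2024, 3, 1), date(2024, 3, 2), None),
    Account("dave", "E102", False, frozenset({"db_admin"}), date(2023, 1, 1), None, None),
    Account("svc_etl", "E102", True, frozenset(), date(2024, 1, 15), None, "CHG-1990"),
]

if __name__ == "__main__":
    for f in review_access(SAMPLE_ACCOUNTS, ACTIVE_EMPLOYEES, AS_OF):
        print(f"{f.username}: {f.issue}")
```

Run on the sample data, the review returns nothing for alice, two exceptions for bob (unapproved domain_admin and an expired password), one for carol (her employee ID is no longer in the active roster) and one for the never-used service account; the disabled account is skipped. The point of keeping it as code rather than a spreadsheet is that the same check, run on the same schedule and archived with its output, is the evidence the auditor asks for.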
Change Management (Amarnath's favorite)
Standardized change control is a great place to find fast rewards in pursuit of compliance.
• Change approval
• Change categorization
• Change documentation
• Change prioritization
• A formal Request for Change (RFC) process
• A standing body of subject-matter experts that oversees change (a change advisory board)
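As an added example, not part of the original deck, the change control described above can be tested the way an auditor tests it: reconcile every change actually made in production against the register of approved RFCs. The Python below parses a constructed deployment log and, for each change event, checks that an RFC is referenced, that it exists, that it is in approved status, that the change landed inside the approved window, and that the implementer is not the person who approved it (segregation of duties). The log format, RFC identifiers, hostnames and user names are all assumptions made for the example.

```python
"""
Reconciling production changes against approved Requests for Change (RFCs).
Added example, not from the original deck: the deployment-log format, the RFC
records, hostnames and user names below are all constructed for illustration.
Every change recorded in production must trace to an RFC that exists, is in
approved status, was implemented inside its approved window, and was not
implemented by the person who approved it.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Actions in the log that count as a change to a system in SOX scope (assumed).
CHANGE_ACTIONS = {"deploy", "schema_change", "config_change"}


@dataclass(frozen=True)
class RFC:
    rfc_id: str
    status: str           # e.g. "approved", "rejected", "draft"
    approved_by: str
    window_start: datetime
    window_end: datetime


@dataclass(frozen=True)
class Deviation:
    line_no: int          # 1-based position in the log
    rfc_id: Optional[str]
    reason: str


LOG_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+(?P<kv>.+)$")


def parse_line(line: str) -> Optional[dict]:
    """Parse 'TIMESTAMP key=value key=value ...'; return None for unparseable lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for token in m.group("kv").split():
        if "=" not in token:
            return None
        key, value = token.split("=", 1)
        fields[key] = value
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return fields


def reconcile(log_lines: List[str], rfcs: Dict[str, RFC]) -> List[Deviation]:
    """Return every way a logged change fails to reconcile to an approved RFC."""
    deviations: List[Deviation] = []
    for line_no, line in enumerate(log_lines, start=1):
        ev = parse_line(line)
        if ev is None or ev.get("action") not in CHANGE_ACTIONS:
            continue  # not a change event (logins, health checks, noise)
        rfc_id = ev.get("rfc")
        if rfc_id is None:
            deviations.append(Deviation(line_no, None, "change with no RFC referenced"))
            continue
        rfc = rfcs.get(rfc_id)
        if rfc is None:
            deviations.append(Deviation(line_no, rfc_id, "referenced RFC does not exist"))
            continue
        if rfc.status != "approved":
            deviations.append(Deviation(line_no, rfc_id, f"RFC status is '{rfc.status}', not approved"))
        if not (rfc.window_start <= ev["ts"] <= rfc.window_end):
            deviations.append(Deviation(line_no, rfc_id, "implemented outside the approved change window"))
        if ev.get("user") == rfc.approved_by:
            deviations.append(Deviation(line_no, rfc_id, "implemented by the RFC approver (segregation of duties)"))
    return deviations


# Constructed RFC register and deployment log.
RFCS = {r.rfc_id: r for r in [
    RFC("CHG-1042", "approved", "mlee", datetime(2024, 3, 12, 22, 0), datetime(2024, 3, 12, 23, 0)),
    RFC("CHG-1043", "approved", "mlee", datetime(2024, 3, 14, 3, 0), datetime(2024, 3, 14, 4, 0)),
    RFC("CHG-1044", "approved", "mlee", datetime(2024, 3, 15, 22, 0), datetime(2024, 3, 15, 23, 0)),
    RFC("CHG-1045", "rejected", "mlee", datetime(2024, 3, 16, 22, 0), datetime(2024, 3, 16, 23, 0)),
]}

SAMPLE_LOG = [
    "2024-03-12T22:05:10Z host=erp-app-01 user=jsmith action=deploy artifact=gl-service-4.2.1 rfc=CHG-1042",
    "2024-03-12T22:05:11Z host=erp-app-01 user=jsmith action=login",
    "2024-03-13T09:14:02Z host=erp-db-01 user=rpatel action=schema_change artifact=gl_journal_v7.sql",
    "2024-03-14T03:40:00Z host=erp-app-02 user=mlee action=deploy artifact=gl-service-4.2.2 rfc=CHG-1043",
    "2024-03-15T18:00:00Z host=erp-app-01 user=jsmith action=deploy artifact=gl-service-4.2.3 rfc=CHG-1044",
    "2024-03-16T22:30:00Z host=erp-app-01 user=jsmith action=config_change artifact=payroll.conf rfc=CHG-1045",
    "2024-03-17T22:30:00Z host=erp-app-01 user=jsmith action=deploy artifact=gl-service-4.2.4 rfc=CHG-9999",
]

if __name__ == "__main__":
    for d in reconcile(SAMPLE_LOG, RFCS):
        print(f"line {d.line_no} rfc={d.rfc_id}: {d.reason}")
```

Only the first deployment reconciles cleanly; the other five change events each fail a different test. The check only works if the log is the record the auditor trusts, which is why the deployment tooling, not the engineer, should write the `rfc=` field, and why the log itself needs the retention and tamper protection discussed under Penalties.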
Consistent Logging
Each of these processes should produce records in one consistent form, because those records are the evidence an auditor will ask to see.
• Change Management
• Configuration Management
• Event Management
• Incident Management
• Knowledge Management
• Problem Management
"Operationalize" information
• Connect the internal changes needed with the strategic objectives of the company.
• Illustrate that real-time information flow enhances your organization's ability to make decisions while making compliance easier.
• Point out the significance of new activities that may seem mundane or inconsequential. This will help actions taken by staff at every level feel more relevant and less painful.
Remember W. Edwards Deming?
• SOX compliance is not a fix-it-and-forget-it endeavor; like Deming's plan-do-check-act cycle, it is continual.
• As companies and the ecosystems that support them change, new compliance quandaries will come up.
Wait, how can SOX help me?
• Perspectives on operational control, consistency and quality take on a whole different meaning once they have a clear relationship to fiduciary responsibility.
• It is amazing how different the conversation about project prioritization becomes once executive management are offered the opportunity to make decisions guiding it.
Questions?
THIS IS ASSUMING THAT WE HAVE TIME FOR ANY.
SOX Compliance Made Simple

Weitere ähnliche Inhalte

Was ist angesagt?

CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO FrameworkJesús Gándara
 
Sox Compliance Solution
Sox Compliance SolutionSox Compliance Solution
Sox Compliance Solutionguest586cf0
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)Muhammad Azmy
 
Internal Financial Controls over Financial Reporting
Internal Financial Controls over Financial ReportingInternal Financial Controls over Financial Reporting
Internal Financial Controls over Financial ReportingManish Kagathara
 
Sarbanes-Oxley act
Sarbanes-Oxley actSarbanes-Oxley act
Sarbanes-Oxley actRizze
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance BOC Group
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
Sarbanes Oxley Act
Sarbanes Oxley ActSarbanes Oxley Act
Sarbanes Oxley Actles561
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial ControlsPranav Joshi
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 

Was ist angesagt? (20)

CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
 
Cisa domain 3
Cisa domain 3Cisa domain 3
Cisa domain 3
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO Framework
 
Sox Compliance Solution
Sox Compliance SolutionSox Compliance Solution
Sox Compliance Solution
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
 
Internal Financial Controls over Financial Reporting
Internal Financial Controls over Financial ReportingInternal Financial Controls over Financial Reporting
Internal Financial Controls over Financial Reporting
 
Sarbanes-Oxley act
Sarbanes-Oxley actSarbanes-Oxley act
Sarbanes-Oxley act
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
Cisa domain 1
Cisa domain 1 Cisa domain 1
Cisa domain 1
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
Sarbanes Oxley Act
Sarbanes Oxley ActSarbanes Oxley Act
Sarbanes Oxley Act
 
Cobit
CobitCobit
Cobit
 
Compliance Risk Assessment
Compliance Risk AssessmentCompliance Risk Assessment
Compliance Risk Assessment
 
Sox presentation By DSA
Sox presentation By DSASox presentation By DSA
Sox presentation By DSA
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial Controls
 
COSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkCOSO Internal Control - Integrated Framework
COSO Internal Control - Integrated Framework
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
 

Andere mochten auch

Sarbanes-Oxley Act 2002
Sarbanes-Oxley Act 2002Sarbanes-Oxley Act 2002
Sarbanes-Oxley Act 2002Syed Shah
 
Ley Sarbanes Oxley
Ley Sarbanes OxleyLey Sarbanes Oxley
Ley Sarbanes Oxleysantosperez
 
Ley sarbanes oxley
Ley sarbanes oxleyLey sarbanes oxley
Ley sarbanes oxleykabaru05
 
Sox In Telecom Industry
Sox In Telecom IndustrySox In Telecom Industry
Sox In Telecom IndustryMahesh Panchal
 
Sarbanes oxley act overview-v4-final v1
Sarbanes oxley act overview-v4-final v1Sarbanes oxley act overview-v4-final v1
Sarbanes oxley act overview-v4-final v1Vijay Kumar C.A.
 
A Brief Overview of the Sarbanes-Oxley Act
A Brief Overview of the Sarbanes-Oxley ActA Brief Overview of the Sarbanes-Oxley Act
A Brief Overview of the Sarbanes-Oxley ActBergstein Enterprises
 
Automating PeopleSoft Segregation of Duties: HCM and Financials
Automating PeopleSoft Segregation of Duties: HCM and FinancialsAutomating PeopleSoft Segregation of Duties: HCM and Financials
Automating PeopleSoft Segregation of Duties: HCM and FinancialsSmart ERP Solutions, Inc.
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
Internal Audit of Manufacturing Companies
Internal Audit of Manufacturing CompaniesInternal Audit of Manufacturing Companies
Internal Audit of Manufacturing Companiesvikas_k
 
Iso 9001-internal-audit-checklist
Iso 9001-internal-audit-checklistIso 9001-internal-audit-checklist
Iso 9001-internal-audit-checklistPHILIP TEO
 

Andere mochten auch (17)

Sarbanes-Oxley Act 2002
Sarbanes-Oxley Act 2002Sarbanes-Oxley Act 2002
Sarbanes-Oxley Act 2002
 
Sarbanes Oxley Act
Sarbanes Oxley ActSarbanes Oxley Act
Sarbanes Oxley Act
 
Sarbanes oxley act
Sarbanes oxley actSarbanes oxley act
Sarbanes oxley act
 
Ley Sarbanes Oxley
Ley Sarbanes OxleyLey Sarbanes Oxley
Ley Sarbanes Oxley
 
Ley sarbanes oxley
Ley sarbanes oxleyLey sarbanes oxley
Ley sarbanes oxley
 
Sox In Telecom Industry
Sox In Telecom IndustrySox In Telecom Industry
Sox In Telecom Industry
 
Sox
SoxSox
Sox
 
Sarbanes oxley act overview-v4-final v1
Sarbanes oxley act overview-v4-final v1Sarbanes oxley act overview-v4-final v1
Sarbanes oxley act overview-v4-final v1
 
A Brief Overview of the Sarbanes-Oxley Act
A Brief Overview of the Sarbanes-Oxley ActA Brief Overview of the Sarbanes-Oxley Act
A Brief Overview of the Sarbanes-Oxley Act
 
Sarbanes Oxley Act, 2002
Sarbanes Oxley Act, 2002Sarbanes Oxley Act, 2002
Sarbanes Oxley Act, 2002
 
Automating PeopleSoft Segregation of Duties: HCM and Financials
Automating PeopleSoft Segregation of Duties: HCM and FinancialsAutomating PeopleSoft Segregation of Duties: HCM and Financials
Automating PeopleSoft Segregation of Duties: HCM and Financials
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview
 
Internal Audit of Manufacturing Companies
Internal Audit of Manufacturing CompaniesInternal Audit of Manufacturing Companies
Internal Audit of Manufacturing Companies
 
Government and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsGovernment and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP Systems
 
Iso 9001-internal-audit-checklist
Iso 9001-internal-audit-checklistIso 9001-internal-audit-checklist
Iso 9001-internal-audit-checklist
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
 
Audit presentation
Audit presentationAudit presentation
Audit presentation
 

Ähnlich wie SOX Compliance Made Simple

Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties SolutionsAhmed Abdul Hamed
 
Agile in a highly regulated organization 2014
Agile in a highly regulated organization 2014Agile in a highly regulated organization 2014
Agile in a highly regulated organization 2014Tami Flowers
 
Sox regulation and Analytics
Sox regulation and AnalyticsSox regulation and Analytics
Sox regulation and Analyticsbrunomase
 
7 steps to build an effective corporate compliance strategy
7 steps to build an effective corporate compliance strategy7 steps to build an effective corporate compliance strategy
7 steps to build an effective corporate compliance strategyMaarten BOONEN
 
Toronix - SOA Governance Quick Start
Toronix - SOA Governance Quick StartToronix - SOA Governance Quick Start
Toronix - SOA Governance Quick Startrrowntree
 
Business-Driven Identity and Access Governance: Why This New Approach Matters
Business-Driven Identity and Access Governance: Why This New Approach MattersBusiness-Driven Identity and Access Governance: Why This New Approach Matters
Business-Driven Identity and Access Governance: Why This New Approach MattersEMC
 
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS              .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS              .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxjoellemurphey
 
There are regulatory rules that must be met as well as organizatio.docx
There are regulatory rules that must be met as well as organizatio.docxThere are regulatory rules that must be met as well as organizatio.docx
There are regulatory rules that must be met as well as organizatio.docxrandymartin91030
 
Running head MOBILE APPLICATION SECURITY .docx
Running head MOBILE APPLICATION SECURITY                     .docxRunning head MOBILE APPLICATION SECURITY                     .docx
Running head MOBILE APPLICATION SECURITY .docxcharisellington63520
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Sharing Slides Training
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Aissharing notes123
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1sharing notes123
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisSharing Slides Training
 
Sheila Jeffrey - Well Behaved Data - It's a Matter of Principles
Sheila Jeffrey - Well Behaved Data - It's a Matter of PrinciplesSheila Jeffrey - Well Behaved Data - It's a Matter of Principles
Sheila Jeffrey - Well Behaved Data - It's a Matter of Principlesiasaglobal
 
Running Head CYBERSECURITY FRAMEWORK1CYBERSECURITY FRAMEWORK.docx
Running Head CYBERSECURITY FRAMEWORK1CYBERSECURITY FRAMEWORK.docxRunning Head CYBERSECURITY FRAMEWORK1CYBERSECURITY FRAMEWORK.docx
Running Head CYBERSECURITY FRAMEWORK1CYBERSECURITY FRAMEWORK.docxhealdkathaleen
 

Ähnlich wie SOX Compliance Made Simple (20)

Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties Solutions
 
Agile in a highly regulated organization 2014
Agile in a highly regulated organization 2014Agile in a highly regulated organization 2014
Agile in a highly regulated organization 2014
 
IT_Governance_Framework.pdf
IT_Governance_Framework.pdfIT_Governance_Framework.pdf
IT_Governance_Framework.pdf
 
Sox regulation and Analytics
Sox regulation and AnalyticsSox regulation and Analytics
Sox regulation and Analytics
 
7 steps to build an effective corporate compliance strategy
7 steps to build an effective corporate compliance strategy7 steps to build an effective corporate compliance strategy
7 steps to build an effective corporate compliance strategy
 
Dit yvol5iss38
Dit yvol5iss38Dit yvol5iss38
Dit yvol5iss38
 
Toronix - SOA Governance Quick Start
Toronix - SOA Governance Quick StartToronix - SOA Governance Quick Start
Toronix - SOA Governance Quick Start
 
Business-Driven Identity and Access Governance: Why This New Approach Matters
Business-Driven Identity and Access Governance: Why This New Approach MattersBusiness-Driven Identity and Access Governance: Why This New Approach Matters
Business-Driven Identity and Access Governance: Why This New Approach Matters
 
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS              .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS              .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
 
There are regulatory rules that must be met as well as organizatio.docx
There are regulatory rules that must be met as well as organizatio.docxThere are regulatory rules that must be met as well as organizatio.docx
There are regulatory rules that must be met as well as organizatio.docx
 
Running head MOBILE APPLICATION SECURITY .docx
Running head MOBILE APPLICATION SECURITY                     .docxRunning head MOBILE APPLICATION SECURITY                     .docx
Running head MOBILE APPLICATION SECURITY .docx
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Dit yvol4iss27
Dit yvol4iss27Dit yvol4iss27
Dit yvol4iss27
 
Cisa 2013 ch2
Cisa 2013 ch2Cisa 2013 ch2
Cisa 2013 ch2
 
Sheila Jeffrey - Well Behaved Data - It's a Matter of Principles
Sheila Jeffrey - Well Behaved Data - It's a Matter of PrinciplesSheila Jeffrey - Well Behaved Data - It's a Matter of Principles
Sheila Jeffrey - Well Behaved Data - It's a Matter of Principles
 
Running Head CYBERSECURITY FRAMEWORK1CYBERSECURITY FRAMEWORK.docx
Running Head CYBERSECURITY FRAMEWORK1CYBERSECURITY FRAMEWORK.docxRunning Head CYBERSECURITY FRAMEWORK1CYBERSECURITY FRAMEWORK.docx
Running Head CYBERSECURITY FRAMEWORK1CYBERSECURITY FRAMEWORK.docx
 
Task 2
Task 2Task 2
Task 2
 

Mehr von Amarnath Gupta

World's cheapest CRM on Demand - RTe CRM is available now @ $6.99/User/Month ...
World's cheapest CRM on Demand - RTe CRM is available now @ $6.99/User/Month ...World's cheapest CRM on Demand - RTe CRM is available now @ $6.99/User/Month ...
World's cheapest CRM on Demand - RTe CRM is available now @ $6.99/User/Month ...Amarnath Gupta
 
Microsoft Project Professional & Project Server 2013 for Project Managers
Microsoft Project Professional & Project Server 2013 for Project ManagersMicrosoft Project Professional & Project Server 2013 for Project Managers
Microsoft Project Professional & Project Server 2013 for Project ManagersAmarnath Gupta
 
Amarnath gupta an educationist and mentor
Amarnath gupta   an educationist and mentorAmarnath gupta   an educationist and mentor
Amarnath gupta an educationist and mentorAmarnath Gupta
 
Success factors for Enterprise Project Management
Success factors for Enterprise Project ManagementSuccess factors for Enterprise Project Management
Success factors for Enterprise Project ManagementAmarnath Gupta
 
Amarnath Gupta - Horoscope
Amarnath Gupta - HoroscopeAmarnath Gupta - Horoscope
Amarnath Gupta - HoroscopeAmarnath Gupta
 
Enterprise Project Management using Microsoft Project
Enterprise Project Management using Microsoft ProjectEnterprise Project Management using Microsoft Project
Enterprise Project Management using Microsoft ProjectAmarnath Gupta
 
Curriculum Vitae Amarnath Gupta Programme Manager With 6.5 Yrs Experience
Curriculum Vitae   Amarnath Gupta   Programme Manager With 6.5 Yrs ExperienceCurriculum Vitae   Amarnath Gupta   Programme Manager With 6.5 Yrs Experience
Curriculum Vitae Amarnath Gupta Programme Manager With 6.5 Yrs ExperienceAmarnath Gupta
 
Curriculum Vitae Amarnath Gupta Programme Manager With 6.5 Yrs Experience
Curriculum Vitae   Amarnath Gupta   Programme Manager With 6.5 Yrs ExperienceCurriculum Vitae   Amarnath Gupta   Programme Manager With 6.5 Yrs Experience
Curriculum Vitae Amarnath Gupta Programme Manager With 6.5 Yrs ExperienceAmarnath Gupta
 
Risk In Erp Implementation Projects
Risk In Erp Implementation ProjectsRisk In Erp Implementation Projects
Risk In Erp Implementation ProjectsAmarnath Gupta
 

Mehr von Amarnath Gupta (9)

World's cheapest CRM on Demand - RTe CRM is available now @ $6.99/User/Month ...
World's cheapest CRM on Demand - RTe CRM is available now @ $6.99/User/Month ...World's cheapest CRM on Demand - RTe CRM is available now @ $6.99/User/Month ...
World's cheapest CRM on Demand - RTe CRM is available now @ $6.99/User/Month ...
 
Microsoft Project Professional & Project Server 2013 for Project Managers
Microsoft Project Professional & Project Server 2013 for Project ManagersMicrosoft Project Professional & Project Server 2013 for Project Managers
Microsoft Project Professional & Project Server 2013 for Project Managers
 
Amarnath gupta an educationist and mentor
Amarnath gupta   an educationist and mentorAmarnath gupta   an educationist and mentor
Amarnath gupta an educationist and mentor
 
Success factors for Enterprise Project Management
Success factors for Enterprise Project ManagementSuccess factors for Enterprise Project Management
Success factors for Enterprise Project Management
 
Amarnath Gupta - Horoscope
Amarnath Gupta - HoroscopeAmarnath Gupta - Horoscope
Amarnath Gupta - Horoscope
 
Enterprise Project Management using Microsoft Project
Enterprise Project Management using Microsoft ProjectEnterprise Project Management using Microsoft Project
Enterprise Project Management using Microsoft Project
 
Curriculum Vitae Amarnath Gupta Programme Manager With 6.5 Yrs Experience
Curriculum Vitae   Amarnath Gupta   Programme Manager With 6.5 Yrs ExperienceCurriculum Vitae   Amarnath Gupta   Programme Manager With 6.5 Yrs Experience
Curriculum Vitae Amarnath Gupta Programme Manager With 6.5 Yrs Experience
 
Curriculum Vitae Amarnath Gupta Programme Manager With 6.5 Yrs Experience
Curriculum Vitae   Amarnath Gupta   Programme Manager With 6.5 Yrs ExperienceCurriculum Vitae   Amarnath Gupta   Programme Manager With 6.5 Yrs Experience
Curriculum Vitae Amarnath Gupta Programme Manager With 6.5 Yrs Experience
 
Risk In Erp Implementation Projects
Risk In Erp Implementation ProjectsRisk In Erp Implementation Projects
Risk In Erp Implementation Projects
 

Kürzlich hochgeladen

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Kürzlich hochgeladen (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The Ultimate Guide to Choosing WordPress Pros and Cons

SOX Compliance Made Simple

  • 1. SOX Compliance: DON'T FIGHT WHAT CAN HELP YOU. By Amarnath Gupta.
  • 2. Amarnath Gupta
    - 11 years of experience working in Systems & Operations in various roles.
    - 4 years focusing on SOX-related tasks.
    - Amarnath is not an attorney or an auditor.
    - Has delivered 300+ hours of training on various IT and IT-related methodologies.
  • 3. What is SOX?
    - SOX provides the foundation for new corporate governance rules, regulations & standards issued by the Securities and Exchange Commission. It covers a range of topics from criminal penalties to Corporate Board responsibilities. SOX also covers issues such as independent auditing requirements, corporate governance, internal control assessment, and enhanced financial disclosure.
    - CEOs of publicly traded companies will be held accountable for the quality of the controls established which enable accurate financial reporting (including IT processes, systems & roles).
  • 4. Penalties
    - Section 802(a) of SOX states: "Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both."
  • 5. What prompted SOX? Sarbanes-Oxley was passed in the wake of a number of notable corporate accounting scandals, including Enron and WorldCom.
  • 6. (image slide, no text)
  • 7. SOX on the horizon?
    - The primary thing to remember is that SOX is about mitigating the risk of fraud, financial transparency and process control. This will change how you do things, but that does not have to be a bad thing.
  • 8. A hint on policies.
    - Bear in mind that you will be held to the letter of all policies your company develops related to SOX, even if they exceed federal requirements. This is very important to remember when drafting policies.
    - Policies should ensure that corporate behavior is consistent, controlled, and can be proven.
  • 9. A word on frameworks
    - There are many frameworks out there to assist you with SOX compliance. The key is to find a framework that works for your team, commit to it, train on it, and use it to your best possible advantage.
  • 10. Examples of COBIT Controls
    - Network Security – firewalls, secure network configuration including 802.11x.
    - Virus Protection – anti-virus and anti-spyware updated regularly.
  • 11. Examples of COBIT Controls
    - Backups & Restore – regularly tested procedures.
    - IT Continuity – disaster recovery procedures.
  • 12. Examples of COBIT Controls
    - File Access Privilege Controls.
    - Identity Management – password strength/age and access. Who has access, and is that appropriate now?
  • 13. Examples of COBIT Controls
    - Risk Evaluation Programs – risk assessment and internal auditing.
    - Employee IT Security Training – training of end users related to utilization of resources.
  • 14. Examples of COBIT Controls
    - Management support/buy-in – executive-level oversight of projects related to IT.
    - IT as part of strategic planning – the business must be supported by technologies.
  • 15. Change Management (Amarnath's favorite)
    - Standardized change control is a great place to find fast rewards in pursuit of compliance.
    - Change approval
    - Change categorization
    - Change documentation
    - Change prioritization
    - Formal request-for-change process
    - A body of subject matter experts that oversees change.
  • 16. Consistent Logging
    - Change Management
    - Configuration Management
    - Event Management
    - Incident Management
    - Knowledge Management
    - Problem Management
  • 17. "Operationalize" information
    - Connect the internal changes needed with the strategic objectives of the company.
    - Illustrate that real-time information flow enhances your organization's ability to make decisions while making compliance easier.
    - Point out the significance of new activities that may seem mundane or inconsequential. This will help actions taken by staff at every level feel more relevant and less painful.
  • 18. Remember W. Edwards Deming?
    - SOX compliance is not a fix-it-and-forget-it endeavor.
    - As companies and the ecosystems that support them change, new compliance quandaries will come up.
  • 19. Wait, how can SOX help me?
    - Perspectives on operational control, consistency, and quality take on a whole different meaning once they have a clear relationship to fiduciary responsibility.
    - It is amazing how different the conversation about project prioritization becomes once executive management is offered the opportunity to make decisions guiding it.
  • 20. Questions? THIS IS ASSUMING THAT WE HAVE TIME FOR ANY.
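One concrete way to operate the slide-12 identity-management control ("who has access, and is that appropriate now?") is a periodic user-access review that turns the policy into a repeatable, evidenced check. The Python script below is an added example and is not part of Amarnath Gupta's deck or any named product; the password-age and dormancy thresholds, the role-to-entitlement baseline, the segregation-of-duties rule and the three sample accounts are all constructed assumptions.

```python
"""Periodic user-access review (added example for the identity-management control).

All thresholds, role mappings and accounts below are constructed assumptions,
not values taken from the SOX Compliance slides.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, List, Optional, Tuple

# Assumed policy thresholds: rotate passwords within 90 days, and flag accounts
# unused for more than 45 days as dormant.
MAX_PASSWORD_AGE_DAYS = 90
MAX_INACTIVE_DAYS = 45

# Assumed role-to-entitlement baseline: what each job role is approved to hold.
APPROVED_ENTITLEMENTS: Dict[str, FrozenSet[str]] = {
    "ap_clerk": frozenset({"erp_ap_entry"}),
    "ap_manager": frozenset({"erp_ap_approve"}),
    "dba": frozenset({"erp_db_admin"}),
}

# Assumed segregation-of-duties rule: nobody may both enter and approve invoices.
TOXIC_COMBINATIONS: List[Tuple[FrozenSet[str], str]] = [
    (frozenset({"erp_ap_entry", "erp_ap_approve"}), "can enter and approve invoices"),
]


@dataclass
class Account:
    user: str
    role: str
    entitlements: FrozenSet[str]
    password_set: date          # date the current password was set
    last_login: Optional[date]  # None if the account has never been used
    terminated: bool = False    # HR says this person has left


def review_account(acct: Account, today: date) -> List[str]:
    """Return the findings for one account (an empty list means no issue)."""
    findings: List[str] = []

    if acct.terminated:
        findings.append("terminated user still has an active account")

    password_age = (today - acct.password_set).days
    if password_age > MAX_PASSWORD_AGE_DAYS:
        findings.append(f"password age {password_age}d exceeds {MAX_PASSWORD_AGE_DAYS}d")

    if acct.last_login is None or (today - acct.last_login).days > MAX_INACTIVE_DAYS:
        findings.append(f"dormant account (no login within {MAX_INACTIVE_DAYS} days)")

    # Anything the account holds beyond its role baseline needs a documented approval.
    excess = acct.entitlements - APPROVED_ENTITLEMENTS.get(acct.role, frozenset())
    if excess:
        findings.append("entitlements beyond role baseline: " + ", ".join(sorted(excess)))

    for combo, description in TOXIC_COMBINATIONS:
        if combo <= acct.entitlements:
            findings.append("segregation-of-duties conflict: " + description)

    return findings


def run_review(accounts: List[Account], today: date) -> Dict[str, List[str]]:
    """Review every account; return only those with findings, keyed by user name."""
    report: Dict[str, List[str]] = {}
    for acct in accounts:
        findings = review_account(acct, today)
        if findings:
            report[acct.user] = findings
    return report


# Constructed sample inventory, shaped like an export from an IdP or ERP.
TODAY = date(2024, 4, 1)
ALICE = Account("alice", "ap_clerk", frozenset({"erp_ap_entry"}),
                date(2024, 2, 1), date(2024, 3, 28))
BOB = Account("bob", "ap_clerk", frozenset({"erp_ap_entry", "erp_ap_approve"}),
              date(2023, 11, 1), date(2024, 3, 30))
CAROL = Account("carol", "dba", frozenset({"erp_db_admin"}),
                date(2024, 3, 15), date(2024, 1, 10), terminated=True)
SAMPLE_ACCOUNTS = [ALICE, BOB, CAROL]

if __name__ == "__main__":
    for user, findings in run_review(SAMPLE_ACCOUNTS, TODAY).items():
        for finding in findings:
            print(f"{user}: {finding}")
```

Run against a real export, the report is what the reviewer signs off on each cycle, which gives the "can be proven" evidence that slide 8 asks of policies; keeping each run's output alongside the sign-off also feeds the consistent-logging practice of slide 16.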

Editor's Notes

  1. Remember, 3 parts carrot 1 part stick.