IT Auditors Seek Sarb-Ox Guidance

Thomas Hoffman   Today’s Top Stories   or  Other Legislation/Regulation Stories  

Gain a faster, cheaper way to manage workload Why SaaS is Vital to Email and Web Security Leverage Your Experience with Tivoli Storage Manager Magic Quadrant for Application Delivery Controllers Business Transaction Management: Facilitating the Management of Virtual Environments Should You Install Messaging Security Software on Your Exchange Server? SaaS Solutions for Remote Systems Management Learn-Fast Guide: Software as a Service is Growing Up Mobility @ the Speed of Business Sign up to receive Legislation/Regulation Resource Alerts

April 12, 2004 (Computerworld) -- ROSEMONT, ILL. -- More than a dozen corporate IT auditors attending a conference here last week said they're struggling mightily to document the controls used within their IT departments in time to meet the Sarbanes-Oxley compliance deadlines that most large companies are facing late this year.
The biggest challenge in meeting the deadline for documenting internal IT controls as required by Section 404 of the Sarbanes-Oxley Act is a lack of clarity from the government entity that's overseeing compliance regarding which controls should be documented and the best ways to do it, attendees said.
They noted that the Public Company Accounting Oversight Board hasn't told companies to use a specific methodology for documenting IT controls, such as COBIT, COSO or ISO 17799. That has made it difficult for the Big Four accounting firms and other external auditors to give advice on which IT controls need to be documented, according to attendees.
"It's hard for us to do this when no one is able to tell us exactly what needs to be documented," said an IT auditor who works at a New York-based investment bank. Like almost all of the other auditors interviewed at the conference, she asked not to be identified.
William Powers, associate director of the accounting oversight board's inspections division in New York, said the regulatory body plans to devote a lot of attention this year to the IT controls assessment work done by public accounting firms. That work includes the risk-assessment process as well as the documentation and testing of general and application controls.
In turn, accounting firms are expected to monitor the IT risk-assessment procedures and information systems audit work that's done by their clients to meet Sarbanes-Oxley mandates, Powers added. But when asked if the oversight board plans to recommend the use of a single IT controls standard, he said, "Absolutely not."
Help on the Way
The Rolling Meadows, Ill.-based Information Systems Audit and Control Association, which hosted the conference, said it plans to roll out a Web-enabled version of the COBIT standard within a few weeks. The new release of COBIT, which is formally called Control Objectives for Information and related Technology, is designed to help IT auditors browse for best practices, do benchmarking and obtain other guidance as part of Sarbanes-Oxley compliance efforts.
In addition to the lack of guidance from regulators, IT auditors said they're also struggling with other issues as part of Sarbanes-Oxley projects. The challenges include identifying a hornet's nest of controls and interfaces among decentralized business units and trying to manage the efforts with scarce resources.
For instance, Lynn Kilroy, IT audit director at Allstate Insurance Co. in Northbrook,

Continued...
1 | 2 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

Sidebar: Outsourcing Sparks Concerns About IT Controls Sidebar: Deadline Rush Delays Internal Improvements

IT Auditors Seek Sarb-Ox Guidance

"TITLE="IT Blogwatch", where we watch Target pay handsomely for its "failure" to make its Web site work for blind people...." Read more... "Gartner Inc. has issued a press release with the headline "Gartner Says Enterprises Must Anticipate How Societal Trends Will Impact..." Read more... Read more Government & Regulation posts or See all Blogs

Cellular operators say they're ready for Gustav Psystar calls Apple a 'monopoly' in antitrust charges Doubt cast on Seinfeld as Windows TV ads near More top stories...

IT workers hit hardest by offshore outsourcing, survey finds Microsoft: No more Windows Live Mail crashes with IE8 Beta 2 Microsoft warns of IE8 lock-in with XP SP3

Telecommuting: 6 questions to ask before you say yes Telework can change office dynamics in ways you hadn't anticipated. Proceed cautiously. Wi-Fi tweaks for speed freaks Got a painfully slow connection or random dead spots? Our tips will help you get the most out of your wireless network. 5 ways to drive your best workers out the door Listen up, managers: Employees don't quit the job; they quit you. Ultraportable laptops: Their rise and possible fall Netbooks, ultraportables, mini-notebooks — whatever you call them, they've been grabbing headlines. Are they here for the long term or just a flash in the pan? Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland Security Apple's iPhone Ask a Premier 100 IT Leader Bill Gates steps down BlackBerry Legal Battle Data Security Breaches Electronic Voting Firefox H-1B Visas HP's Boardroom Scandal Handheld Devices Hurricane Katrina Aftermath Microsoft Legal Issues Microsoft's Vista Open Source RFID Technology SCO's Linux Fight Sarbanes-Oxley Act Spam Voice Over IP Wi-Fi Windows Meta File Vulnerability Windows XP Service Pack 3 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class 2006 Computerworld Horizon Awards 2006 Premier 100 IT Leaders 2006 Salary Survey 2007 Best Places to Work in IT 2007 IT Forecast 2007 Premier 100 IT Leaders 40 Years of Computerworld ASPs, Take Two Best Places to Work in IT 2003 Best Places to Work in IT 2004 Best Places to Work in IT 2005 Best Places to Work in IT 2006 Business Intelligence Home Runs Business Intelligence: Smarter BI Business Intelligence: The Future of BI CRM Goes Vertical CRM: Sober CRM Career Planning Guide 2005 Careers: IT Profession 2010 Computerworld Horizon Awards 2005 Data Management: Mining for Gems Data Management: Taming Data Chaos Development: Hard-Workin' Web Sites Development: New Tools New Choices Development: The New World of Application Development Development: The Web Services Tsunami Development: Web Services Hurdles Disaster Recovery: Preparing for the Worst E-commerce Grows Up E-mail/Groupware: Big Decisions Faces of Mobile IT Forecast 2006 Global Mobile Hardware: Multiple Cores, Multiple Challenges Hardware: On-Demand Un-Hyped Hardware: The Shape of Things to Come Horizon Awards: 10 Cool Cutting Edge Technologies IT Management: Guide to Managing Vendors IT Management: Navigating Global IT IT Management: Recovery Ahead IT Management: The Future of IT IT Management: The Resourceful Project Manager Innovative Technology Awards 2004 Management: Reinventing IT Microsoft in Transition Mobile/Wireless Leaders and Laggards Mobile/Wireless: The Untethered Worker Mobile/Wireless: Tiny Gadgets, Huge Costs Network Management: Taking Control Networking: Turbulence Ahead! Networking: VoIP Goes Mainstream Operating Systems: In the Slow Lane Operating Systems: Linux Goes Global Operating Systems: Should You Nix Unix? Outsourcing: Offshore Buyer's Guide Outsourcing: Outsourcing Dangers Premier 100 IT Leaders 2004 Best in Class Premier 100 IT Leaders 2005 Best in Class ROI: Do the Math! Salary Survey 2003 Salary Survey 2004 Salary Survey 2005 Security Action Plan Security: Compliance Headaches Security: Proactive Security Security: Risk and Reward Security: Tips From Security Pros Souped-up Security Storage: Battling Complexity Storage: Cheap & Secure Data Stores Storage: Stretching Your Storage Dollars Storage: The Lean Storage Machine Storage: The New Rules of Storage Storage: The Ultimate Backup Guide Supply Chain: Missing Links Supply Chain: RFID Reality Check The Business of Security Web 2.0 Security Wireless: Wireless At Work All Zones Application Performance Zone Business Continuity Zone The File Data Management Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Business Intelligence and Analytics Zone Windows Protection Zone Identity & Security Management Zone See your link here

Computerworld Executive Briefing: The Compliance Era Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign. The new Computerworld report, The Compliance Era, explains why regulatory compliance has zoomed to the top of the IT agenda and shows how real-world IT executives are dealing with the storage, security and privacy challenges. Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign. Download this executive briefing  From Laggard to Leader: Transforming the Data Center From Laggard to Leader: Transforming the Data Center Register for this complimentary live webcast today! Go to the webcast  Qualified Security Assessors are not created equal Download this whitepaper, free for a limited time, compliments of VeriSign! (Source: VeriSign) Learn how a Qualified Security Assessor (QSA) can help you acheive full compliance and security in this white paper, presented by VeriSign and Computerworld. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Archiving Compliance with Sunbelt Exchange Archiver The Impact of Messaging and Web Threats Advanced Load Balancing: 8 Things You Need to Handle Today's Network Traffic View more whitepapers

• Sidebar: Outsourcing Sparks Concerns About IT Controls
• IT Auditors Seek Sarb-Ox Guidance
• Sidebar: Deadline Rush Delays Internal Improvements

• Cellular operators say they're ready for Gustav
• IT workers hit hardest by offshore outsourcing, survey finds
• Psystar calls Apple a 'monopoly' in antitrust charges
• More top stories 

Since You Asked A weekly storage column from storage analyst, Steve Duplessie of the Enterprise Strategy Group Click here to read the latest column by Steve Duplessie

Eliminate SPAM, Gain Productivity Learn all about the dangers and the costs of spam in all its forms – from stock-touting to spreadsheet. Also, understand the drawbacks of traditional hardware- and software-based defenses – and the unique benefits of MessageLabs multi-layered, managed Anti-Spam solution; as illustrated by a real-world case study where MessageLabs stopped spam cold. Download this white paper now!  See more Whitepapers

The Spy Files For Congress to do anything that helps protect consumers and the critical Internet infrastructure as a whole, it must pass laws that require proactive processes to protect computers, not that tell people how to deal with the resulting mess, says Ira Winkler. Click here to read the latest column by Ira Winkler

Customer Satisfaction with Email Archiving Systems Osterman Research conducted a primary survey asking organizations about a variety of archiving systems to understand the level of satisfaction that customers of Sunbelt Exchange Archiver (SEA) and other email archiving offerings report on a variety of metrics related to product and vendor performance. Download this white paper now!