IT Braces for 'J-SOX' Rules
Japan imposing new financial controls framework similar to Sarbanes-Oxley
Computerworld - Japanese companies and their international subsidiaries have started prepping for next year’s implementation of a corporate governance framework that’s comparable to the requirements imposed by the Sarbanes-Oxley Act in the U.S.
Many U.S.-based IT managers have started working on processes to ensure compliance with the emerging financial controls requirements, informally known as J-SOX, even though initial details aren’t expected until next month.
“This is just like the early stages of Sarbanes-Oxley — nobody really knows” the specific requirements yet, said Michael Pellegrino, vice president of IT at Fuji Photo Film U.S.A. Inc., a Valhalla, N.Y.-based subsidiary of Tokyo-based Fujifilm Corp.
As the largest of Fujifilm’s 12 North American subsidiaries, Pellegrino’s group is following the lead of its parent firm’s IT operations on what steps it should take to document its IT controls.
Pellegrino noted that as part of its due-diligence efforts, his company is already creating a “matrix” of all its hardware, the IP addresses for those machines and the software that runs on them.
He said that his organization expects to document the controls it has in place for several IT processes that could affect the company’s financial activities. Among them are those related to the procurement and development of software applications, the procurement and development of IT infrastructure, the deployment and testing of IT, and the management of third-party IT services. Sarb-Ox Lessons Learned
J-SOX, officially known as the Financial Instruments and Exchange Law, is scheduled to go into effect in April 2008 for roughly 3,800 companies listed in Japan, along with their foreign subsidiaries.
Japan’s Financial Services Agency — similar to the U.S. Securities and Exchange Commission — moved to create J-SOX laws following accounting scandals involving companies such as Seibu Railway Co., Livedoor Co. and the Murakami Fund.
Marios Damianides, an IT risk management consultant and partner at Ernst & Young LLP in New York, said he expects that the relaxation of some Sarbanes-Oxley requirements by the Public Company Accounting Oversight Board in the U.S. late last year should help ensure that the J-SOX rules won’t be excessive for businesses.
The lessons learned from U.S. companies’ Sarbanes-Oxley efforts will lead Japan’s Financial Services Agency to “soften J-SOX [requirements] a little bit,” said Damianides, a former international president of the Information Systems Audit and Control Association.
That work will involve tracking and monitoring the company’s global IT systems, as well as documenting the security safeguards it has in place for each of those systems, said Finney.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you think getting it right from day one is always what matters, you probably haven't been following technology too closely.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
- Armed and Dangerous: Help your IT Organization Embrace Enterprise Mobility
- Becoming a mobile enterprise means new opportunities for your organization yet letting employees choose their own devices and then access corporate resources, apps,... All Government IT White Papers
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- Fighting Fraud Videos: IBM Intelligent Investigation Manager Short videos about IBM Intelligent Investigation Manager (IIM) for Fraud. IIM optimizes the investigation of fraud for customers across many industries in both...
- IBM Intelligent Investigation Manager: Online Product Demo Intelligent Investigation Manager optimizes fraud investigation and analysis and it dynamically coordinates and reports on cases, provides analysis and visualization, and enables more...
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government View this IBM webinar to learn about the challenges and opportunities in fraud reduction, waste, and abuse in government programs and agencies. You...
- Pre-Engineered solutions from VCE Simplify Core Infrastructure Implementation In this video, the CTO of Purdue Pharma, a privately held pharmaceutical company explains how Purdue transformed their data center infrastructure with VCE.
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.