IT Braces for 'J-SOX' Rules
Japan imposing new financial controls framework similar to Sarbanes-Oxley
Computerworld - Japanese companies and their international subsidiaries have started prepping for next year’s implementation of a corporate governance framework that’s comparable to the requirements imposed by the Sarbanes-Oxley Act in the U.S.
Many U.S.-based IT managers have started working on processes to ensure compliance with the emerging financial controls requirements, informally known as J-SOX, even though initial details aren’t expected until next month.
“This is just like the early stages of Sarbanes-Oxley — nobody really knows” the specific requirements yet, said Michael Pellegrino, vice president of IT at Fuji Photo Film U.S.A. Inc., a Valhalla, N.Y.-based subsidiary of Tokyo-based Fujifilm Corp.
As the largest of Fujifilm’s 12 North American subsidiaries, Pellegrino’s group is following the lead of its parent firm’s IT operations on what steps it should take to document its IT controls.
Pellegrino noted that as part of its due-diligence efforts, his company is already creating a “matrix” of all its hardware, the IP addresses for those machines and the software that runs on them.
He said that his organization expects to document the controls it has in place for several IT processes that could affect the company’s financial activities. Among them are those related to the procurement and development of software applications, the procurement and development of IT infrastructure, the deployment and testing of IT, and the management of third-party IT services. Sarb-Ox Lessons Learned
J-SOX, officially known as the Financial Instruments and Exchange Law, is scheduled to go into effect in April 2008 for roughly 3,800 companies listed in Japan, along with their foreign subsidiaries.
Japan’s Financial Services Agency — similar to the U.S. Securities and Exchange Commission — moved to create J-SOX laws following accounting scandals involving companies such as Seibu Railway Co., Livedoor Co. and the Murakami Fund.
Marios Damianides, an IT risk management consultant and partner at Ernst & Young LLP in New York, said he expects that the relaxation of some Sarbanes-Oxley requirements by the Public Company Accounting Oversight Board in the U.S. late last year should help ensure that the J-SOX rules won’t be excessive for businesses.
The lessons learned from U.S. companies’ Sarbanes-Oxley efforts will lead Japan’s Financial Services Agency to “soften J-SOX [requirements] a little bit,” said Damianides, a former international president of the Information Systems Audit and Control Association.
That work will involve tracking and monitoring the company’s global IT systems, as well as documenting the security safeguards it has in place for each of those systems, said Finney.
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5
- This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms
- In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86
- Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye
- Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe. All Government IT White Papers
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope...
- All Government IT Webcasts