Computerworld - Among the tools available to companies grappling with the Sarbanes-Oxley Act are standardized frameworks for IT governance and accounting controls that can be used to link Sarbanes-Oxley documentation activities with corporate IT management procedures.
For instance, the IT Governance Institute and the Information Systems Audit and Control Association, both of which are based in Rolling Meadows, Ill., publish a set of guidelines called Control Objectives for Information and Related Technologies. The six-volume set, known informally as Cobit, contains an IT governance model as well as management guidelines for determining how effectively a company controls IT and improvements that could be made.
The two organizations released a third edition of Cobit in 2000. A majority of the documents are available for free download as an open standard at www.itgovernance.org and www.isaca.org/cobit.htm.
Cobit can serve as an effective bridge between IT governance and Sarbanes-Oxley compliance efforts, said Pamela Fredericks, a senior security consultant at Forsythe Solutions Group Inc. in Skokie, Ill. "If an IT organization follows Cobit, they'll have the documentation to help the CFO comply with [Sarbanes-Oxley]," she said.
Another framework that can be used to improve the quality of financial reporting has been developed by COSO, which is officially known as the Committee of Sponsoring Organizations of the Treadway Commission. The commission is named for James C. Treadway Jr., a former member of the Securities and Exchange Commission and the initial chairman of COSO. All COSO publications are available through the American Institute of Certified Public Accountants, which is based in New York and can be reached online at www.aicpa.org.
COSO's framework focuses on internal accounting controls and is one of the original sources used to create the Cobit guidelines. Companies can apply the accounting tenets set out by COSO to help them achieve Sarbanes-Oxley compliance, Fredericks said.
Read more about Gov't Legislation/Regulation in Computerworld's Gov't Legislation/Regulation Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
