IT Governance Institute Releases Update of Popular Sarbanes-Oxley Guidance


    An updated edition of the globally demanded IT Control Objectives
    for Sarbanes-Oxley was released today by the nonprofit, independent IT
    Governance Institute (ITGI) and is available as a complimentary
    download at www.itgi.org.

    The first edition, published in 2004, has been downloaded more
    than 250,000 times. Companies worldwide have used it to evaluate
    information technology (IT) controls in support of Sarbanes-Oxley
    compliance and other financial reporting requirements.

    Experts from many organizations and issuers, including the top 10
    accounting and professional firms, provided input for the publication.
    The document underwent a 60-day exposure process, and was enhanced
    based on comments received from more than 100 respondents.

    The second edition incorporates lessons learned regarding
    financial reporting and IT controls since the first edition was
    issued--most significantly, the need to take a top-down, risk-based
    approach in Sarbanes-Oxley compliance programs to ensure that
    sufficient attention is given to high-risk areas. Additional
    enhancements include:

    -- A stronger focus on scoping and risk assessment

    -- Specific guidance on prioritizing and defining controls

    -- Details on identifying and addressing application controls and
    providing a business case for using them

    -- A simplified readiness road map

    -- A cross-reference to COBIT 4.0

    -- Insights into cultural and people management issues to
    highlight the human factors to consider when complying with
    Sarbanes-Oxley

    "Many companies have gone through their first two Sarbanes-Oxley
    cycles and are looking for guidance on improving IT controls, reducing
    risks and improving value. We are also noticing an increase in
    international registrants that are starting to address Sarbanes-Oxley
    and similar legislation, and require guidance," said Ken Vander Wal,
    CISA, CPA, one of the publication's developers. "This publication
    helps executives and professionals assess the current state of their
    IT control environment, design controls to meet the Act's directives
    and execute a testing strategy for compliance."

    Print copies of the publication are available for purchase from
    www.isaca.org/bookstore.

    ITGI (www.itgi.org) was established by ISACA in 1998 to advance
    international thinking and standards in directing and controlling an
    enterprise's information technology. ITGI developed COBIT and offers
    original research and case studies to assist enterprise leaders and
    boards with IT governance responsibilities.