An updated edition of the globally demanded IT Control Objectives
for Sarbanes-Oxley was released today by the nonprofit, independent IT
Governance Institute (ITGI) and is available as a complimentary
download at www.itgi.org.
The first edition, published in 2004, has been downloaded more
than 250,000 times. Companies worldwide have used it to evaluate
information technology (IT) controls in support of Sarbanes-Oxley
compliance and other financial reporting requirements.
Experts from many organizations and issuers, including the top 10
accounting and professional firms, provided input for the publication.
The document underwent a 60-day exposure process and was enhanced
based on comments received from more than 100 respondents.
The second edition incorporates lessons learned regarding
financial reporting and IT controls since the first edition was
issued--most significantly, the need to take a top-down, risk-based
approach in Sarbanes-Oxley compliance programs to ensure that
sufficient attention is given to high-risk areas. Additional
enhancements include:
-- A stronger focus on scoping and risk assessment
-- Specific guidance on prioritizing and defining controls
-- Details on identifying and addressing application controls and
   providing a business case for using them
-- A simplified readiness road map
-- A cross-reference to COBIT 4.0
-- Insights into cultural and people management issues to
   highlight the human factors to consider when complying with
   Sarbanes-Oxley
"Many companies have gone through their first two Sarbanes-Oxley
cycles and are looking for guidance on improving IT controls, reducing
risks and improving value. We are also noticing an increase in
international registrants that are starting to address Sarbanes-Oxley
and similar legislation, and require guidance," said Ken Vander Wal,
CISA, CPA, one of the publication's developers. "This publication
helps executives and professionals assess the current state of their
IT control environment, design controls to meet the Act's directives
and execute a testing strategy for compliance."
Print copies of the publication are available for purchase from
www.isaca.org/bookstore.
ITGI (www.itgi.org) was established by ISACA in 1998 to advance
international thinking and standards in directing and controlling an
enterprise's information technology. ITGI developed COBIT and offers
original research and case studies to assist enterprise leaders and
boards with IT governance responsibilities.