Submitted by: Submitted by tsya
Views: 401
Words: 718
Pages: 3
Category: Business and Industry
Date Submitted: 02/28/2011 10:26 AM
Abstract
Since the Sarbanes-Oxley Act of 2002, many public companies have faced
challenges while trying to comply due to the high cost and inexperience. After the bill
passed, auditors did not have a set of guidelines to follow when first auditing the
companies. As auditors gain more experience throughout these years, they have
developed more of a routine, or best practice for IT auditing.
One headache for compliance with Sarbanes-Oxley Section 404, is that the
section makes no specific mention of what controls need to be implemented to be in
compliance with SOX. How can companies comply with it, if they do not know what
they need to do to comply? Although there are varying practices within different
organizations, many choose to follow the guidelines of ITIL, ISO 17799, or COBIT.
ITIL, ISO17799, and COBIT are guidelines companies are able to follow to be
compliant with SOX. However, many companies have been able to find significant
benefits in not only complying with SOX, but with adopting one of these guidelines
beyond SOX’s scope.
4
Introduction
This term project is to explore IT auditing framework and general or best
practices. I will focus on the regulatory and compliance issues, namely the Sarbanes-
Oxley Act of 2002. Many companies choose to follow the guidelines of ITIL, ISO 17799,
or COBIT in order to comply with SOX. I will give an overview of each and how their
practices meet the requirements of SOX. These guidelines were not created in order to
specifically comply with SOX. Many companies have found that following these
guidelines not only provide themselves with compliance to SOX, but have also
experienced significant benefits. I will focus more so on COBIT, and include a case study
of Allstate Insurance and how they have adopted COBIT to comply with SOX as well as
provide benefit for the company’s overall strategy.
5
Review of Literatures
Sarbanes-Oxley
The Sarbanes-Oxley Act of 2002 is a United States federal law passed...