September 01, 2005 — CIO —
It’s impossible to talk about IT process frameworks without mentioning the Sarbanes-Oxley audit. Publicly traded companies are now required to have tight control over financial reporting and must pass two annual audits substantiating that: one for finance and one for the IT systems that produce and contain financial data. The Securities and Exchange Commission has all but formally endorsed the COSO (Committee of Sponsoring Organizations) framework as the standard for evaluating financial controls. There has been no such SEC guidance, however, for the IT audit. In the absence of specific direction, CIOs have turned to existing IT frameworks, including the IT Infrastructure Library (ITIL), to ensure that their processes for supporting financial data are sound.
Christine Rose, director of global IT at Finisar, a computer hardware manufacturer, says that the best practices in ITIL support some of the processes now required by Sarbox. "Having ITIL in place gives you a solid foundation," she says. ITIL isn’t a Sarbox solution in and of itself, however. Dave Erickson, a partner at PricewaterhouseCoopers, says Sarbox is about assessing risk. While risk assessment is an element of ITIL, it isn’t the framework’s primary focus. Furthermore, CIOs who put ITIL or any other IT framework in place solely to comply with Sarbox will have gone overboard, says Erickson. The Sarbanes-Oxley Act requires only that companies establish controls over the systems relating directly to financial reporting. ITIL, Cobit and other frameworks for IT help companies put in place general controls for IT—a good thing to have, but much broader than the narrow scope required by law.
© 2008 CXO Media Inc.