Solution Centers

MORE

Everything Else

Virtual Conferences

Security Directions
On demand until December 30, 2009

Navigating Through Dynamic Times by Cisco
On demand until November 20, 2009

Ways to connect with CIO

all RSS RSS Feeds

Subscribe to All of CIO.com

Subscribe to Mobile

Subscribe to Web 2.0

Subscribe to Careers

Subscribe to ERP

CLOUD COMPUTING

Drilldowns

Beats

Global Warming Research Exposed After Hack

TECHNOLOGY
- Infrastructure
  - Cloud Computing
  - Network
  - Security
  - Client
    - Desktop
    - Laptop
    - Laptop - Macbook
    - PDA
  - Server
    - Load Balancing
  - Mobile
  - Operating Systems
    - Windows
    - Windows - Vista
    - Linux
    - Mac
    - Mac - Leopard
    - Unix
    - Other
  - Data Center
  - Virtualization
- Applications
- Development
  - Open Source
  - Eclipse
  - Java
  - .NET
  - Agile
  - Web Services
- Architecture
  - Enterprise Architecture
LEADERSHIP

IT DRILLDOWN

Cloud Computing

CIO Enterprise Newsletter

NEWSLETTERS

CIO.com updates, insights and advice on technology, management and your career.

LEADERSHIP

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

CIO Executive Council

A Peer-Advisory Service and Professional Association for CIOs

Public Council Teleconference: Application Rationalization — Hidden Costs and Smart Decisions

November 17 at 11:00 am US/Eastern (GMT-5)

Join Honorio Padrón, of The Hackett Group, who will share the drivers for companies to tackle application rationalization and the results of research that define the hidden cost of complexity. Additionally, we will discuss key decision milestones—to start or not, holding the course steady and fulfilling expectations.

Virtual Desktop Cost-Benefit Analysis — Michael Jacobs, Catlin Group

The analysis contained in this presentation measures the cost of everything from the machines and licenses to the infrastructure for virtual vs. traditional desktop environments.

Honor your best senior team members - Apply for the CIO Ones to Watch Award

Get well-earned public recognition for your top up-and-coming team members, your IT organization and your enterprise. Award winners will be announced, publicized and feted in May 2010, great timing to help attract new IT recruits to your company.

More / Register »

Learn more about the CIO Executive Council »

RESOURCE CENTER

buy a link »

News Feature

ITIL and Sarbanes-Oxley (Sarbox)

It’s impossible to talk about I.T. process frameworks without mentioning the Sarbanes-Oxley audit. Publicly traded companies are now required to ...

Leave a comment

By Ben Worthen

September 01, 2005 — CIO —

It’s impossible to talk about I.T. process frameworks without mentioning the Sarbanes-Oxley audit. Publicly traded companies are now required to have tight control over financial reporting and must pass two annual audits substantiating that: one for finance and one for the IT systems that produce and contain financial data. The Securities and Exchange Commission has all but formally endorsed the COSO (Committee of Sponsoring Organizations) framework as the standard for evaluating financial controls. There has been no such SEC guidance, however, for the IT audit. In the absence of specific direction, CIOs have turned to existing IT frameworks, including the IT Infrastructure Library (ITIL), to ensure that their processes for supporting financial data are sound.

Christine Rose, director of global IT at Finisar, a computer hardware manufacturer, says that the best practices in ITIL support some of the processes now required by Sarbox. "Having ITIL in place gives you a solid foundation," she says. ITIL isn’t a Sarbox solution in and of itself, however. Dave Erickson, a partner at PricewaterhouseCoopers, says Sarbox is about assessing risk. While risk assessment is an element of ITIL, it isn’t the framework’s primary focus. Furthermore, CIOs who put ITIL or any other IT framework in place solely to comply with Sarbox will have gone overboard, says Erickson. The Sarbanes-Oxley Act requires only that companies establish controls over the systems relating directly to financial reporting. ITIL, Cobit and other frameworks for IT help companies put in place general controls for IT—a good thing to have, but much broader than the narrow scope required by law.

© 2009 CXO Media Inc.

Print

Share [+]

TOOLS

Comments

LinkedIn

RELATED

WHITE PAPERS

Connecting Capital Planning, Construction, and Everything in Between

Finding and developing delivery efficiencies and increasing project productivity through the use of technology facilitate: proactive project management, risk management, the automation of key AEC business processes.

How to Accelerate ROI on Governance

Better manage GRC to focus on the strategic projects that will help your business succeed.

The Tripwire HIPAA Solution

Learn how Tripwire Enterprise helps meet the detailed technical requirements of HIPAA.

Beyond PCI Checklists: Securing Cardholder Data

How do organizations pass their PCI DSS audits yet still suffer security breaches?

Best Practices to Mitigate Risk

Make SOX Efforts More Effective

PCI Compliance

This paper explains how Red Hat technologies can meet or exceed the various requirements of PCI Compliance.

WEBCASTS

Enhance SAP

New research from AMR shows that SAP environments can be dramatically more efficient with the addition of document ...

Extending Client Refresh - 11 Steps to Maximize Savings

11 Steps to Maximize Savings

CIOs Weigh In On Virtualization

Date: November 19, 2009 Time: 2:00 PM EST

Jim Malone, Editorial Director of CXO Media's C...

Beyond Installing ITPM Software: How a global company reduced risk and successfully implemented ITPM

Hear directly from one of your peers who has reduced risk and successfully implemented ITPM in this Live Webcast. ...

IT Consolidation Made Easy

The Primary IT Initiative for Reducing Costs

Taking a Seat at the Executive Table: The Reality of Virtualization

This year, for the first time, the number of virtual machines is on track to exceed the number of physical machines...

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

Global Warming Research Exposed After Hack

Silicon Valley Abuzz About Tech Video That Lets You Command a Computer With Gestures

Two Approaches to NFC Battle for French Hearts and Mobiles

Palm Pixi Smartphones Now Just $25

FCC: Internet Program for Deaf Cheated Out of Millions

Judge Sets Schedule for Google Book Search Case

Twitter Geotagging: What You Need to Know

Twitter Turns on Geolocation Functionality

Some Nook E-Readers Won't Make it for the Holidays Either

Google's Chrome OS Hits BitTorrent

WHITE PAPERS

The Capital Delivery Revolution and Technology: Connecting Capital Planning, Construction, and Everything in Between

How to Accelerate ROI on Governance, Risk and Compliance Initiatives

The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164

Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring

Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs

PCI Compliance with Red Hat Enterprise Linux

Ensuring Web Service Quality for Service-Oriented Architectures

Composite Application Management: Bridging the IT Visibility Gap in Complex Composite Applications

Upgrading to VMware vSphere with vWire

How Midsize Businesses Are Using ERP To Gain Competitive Advantage in a Tough Economy

Why BI is Ripe - Now! - For Businesses of Any Size

Oracle Accelerate - Not Just Smart but Timely

Leveling the Field: Powerful Software Solutions for Midsize Companies

Managed Security for a Not-So-Secure World

Oracle Business Brief - Keeping hold of your customers, especially in tough economic conditions

Analytics Partners - Delivering Faster and More Strategic BI

Oracle Business Brief - Business Continuity - Are You Always Open for Business?

4G Revisited. The Continued Evolution of Wireless Mobility.

Top 10 Lessons Learned for Corporate 3G Mobile Broadband Deployments

Proven Ideas for Tough Times

More White Papers »

FEATURED SPONSORS

SPONSORED LINKS

Upgrading to VMware vSphere with vWire

Maximizing website Return on Information with high-quality search

Gartner Magic Quadrant, Application Delivery Controllers 2009

Authentication as a Service by Forrester Research

Learn How Web Site Performance Impacts Shopper Behavior

Build a Foundation for Unified Communications

Removing the Barriers to IT Governance: How On-Demand Software Changes the Game

Should Your Email Live In The Cloud? A Comparative Cost Analysis

Learn about the growing threat of insider data theft.

Adobe® LiveCycle® solutions for business process automation

10 Ways Excel Drives More Value from Your SAP Investment

The Key to Proving and Improving the Value of IT to the Company

Unleash the Power of Java with Oracle JRockit Real Time

Taking the Service Desk to the Next Level

Return on Information: Google Enterprise Search pays you back. Get the facts.

VMware. The source for Business Infrastructure Virtualization.

ShoreTel tells businesses to untangle from competitors' complexity and turn to its brilliantly simple UC solution

See how AT&T can help protect your network.

Streamline IT Costs. Boost Performance with WAN Optimization.

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

The rules of infrastructure management just changed.

A Clear View Toward Virtualization

Return on Information: Google Enterprise Search pays you back

ROI of Application Delivery Controllers

Making Consumer Two-Factor Authentication Simple and Cost-Effective

Webcast: Unleashing the Power of Customer Data

Disciplined Autonomy: Resolving the Tension Between Flexibility and Control

Enterprise Capture: Your Onramp to Business Process Automation

Cloud Computing--What is its Potential Value for Your Company?

Seven Design Requirements for Web 2.0 Threat Protection

How Consumerization of IT Will Make Your Business More Productive

How does a software company save big with Green IT?

Translate business strategy into IT strategy and obtain maximum benefits.

eBook: How Can You Make Your People Productive Anywhere?

Mind the Talent Gap: Global Survey on IT and HR trends and challenges

"Enterprise-Proven" is the Prerequisite for Enterprise SaaS Portal Solutions

AT&T Synaptic Storage as a Service. Expand on demand

Trend Micro ranked #1 against real-world malware. Read more.

Webinar: Jump-start your in-house e-discovery with Ringtail QuickCull from FTI Technology

Top Five CIO Challenges

Read the RSA report: Security for Business Innovation

64-page prescriptive guide to security, compliance, and IT operations.

Increase UPS efficiency without sacrificing protection.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

Virtualization Technology as a Business Solution

eZine: A Roadmap to Reducing IT Complexity