    Sarbanes Oxley Corporate Governance Forum

    Control Methodologies

    • D

      COBIT Mapping: Mapping ISO/IEC 17799: 2000 With COBIT 811
      • dhanks  

      1
      0
      Votes
      1
      Posts
      643
      Views

      No one has replied

    • M

      Data Management 1629
      • Monk  

      1
      0
      Votes
      1
      Posts
      876
      Views

      No one has replied

    • B

      My organization wants to implement COBIT. Where do I start? 2334
      • bertbarndoor  

      1
      0
      Votes
      1
      Posts
      585
      Views

      No one has replied

    • H

      Microsoft PCI/DSS Compliance Planning Guide 2760
      • harrywaldron  

      1
      0
      Votes
      1
      Posts
      622
      Views

      No one has replied

    • B

      SOX and Risk assessment 891
      • Bhoopendra  

      1
      0
      Votes
      1
      Posts
      641
      Views

      No one has replied

    • M

      Anti-fraud controls 925
      • Mocha  

      1
      0
      Votes
      1
      Posts
      596
      Views

      No one has replied

    • M

      Which Cobit Processes Most Relate to SOX 927
      • marge  

      1
      0
      Votes
      1
      Posts
      551
      Views

      No one has replied

    • M

      Sample of Internal control report under section 404 1065
      • mikeladios  

      1
      0
      Votes
      1
      Posts
      650
      Views

      No one has replied

    • B

      SOX and Risk assessment 891
      • Bhoopendra  

      1
      0
      Votes
      1
      Posts
      548
      Views

      No one has replied

    • M

      Anti-fraud controls 925
      • Mocha  

      1
      0
      Votes
      1
      Posts
      558
      Views

      No one has replied

    • M

      Sample of Internal control report under section 404 1065
      • mikeladios  

      1
      0
      Votes
      1
      Posts
      533
      Views

      No one has replied

    • H

      IT Standards - Link discusses history 1725
      • harrywaldron  

      1
      0
      Votes
      1
      Posts
      592
      Views

      No one has replied

    • A

      new COSO guidance coming soon? 2105
      • Albie  

      1
      0
      Votes
      1
      Posts
      868
      Views

      No one has replied

    • A

      IT controls objectives for Sarbanes-Oxley Discussion 2274
      • AuditorSox  

      1
      0
      Votes
      1
      Posts
      620
      Views

      No one has replied

    • D

      COSO Guidance - Monitoring 2470
      • Denis  

      1
      0
      Votes
      1
      Posts
      568
      Views

      No one has replied

    • H

      Free COBIT 5 PDF copy by registering with ISACA 1920
      • harrywaldron  

      1
      0
      Votes
      1
      Posts
      650
      Views

      No one has replied

    • S

      NSAR - no self assessement 2916
      • selena151  

      1
      0
      Votes
      1
      Posts
      529
      Views

      No one has replied

    • S

      Operational review 2917
      • selena151  

      1
      0
      Votes
      1
      Posts
      572
      Views

      No one has replied

    • S

      Impact of COSO Frameworks on scope of Internal Controls 11
      • SOX-Migration  

      6
      0
      Votes
      6
      Posts
      1005
      Views

      H

      We also tried to bring an integrated approach to life. But that didn’t really work out and got most of the people involved confused. There’s a thin line between SOX and risk management. And most of the people can’t see the difference between operational risk, which mainly causes economic loss and financial misstatement risks. Yes - both are process related, but the goals are different and therefore the requirements. After changing to push only SOX and postpone the risk management assessment after SOX implementation, we’re doing quite well. Even though we’re not required to, we will finish the SOX project by the end of 2004. By then we’ll have implemented COSO and CObIT for SOX purposes and can start from there with our risk management project.
    • S

      CISP and SOX 107
      • SOX-Migration  

      4
      0
      Votes
      4
      Posts
      642
      Views

      S

      Non-repudiation appears to be part of SOX, am I right? But not part of CISP (strangely) - anyone know? I will fail SOX but not fail CISP if I don’t have non-repudiation of credit card transactions?? Non-repudiation is an objective in both Cobit and COSO. ‘Where appropriate, controls exist to ensure that transactions cannot be denied by either party and that controls are implemented to provide nonrepudiation of origin or receipt, proof of submission and receipt of transactions.’ DS 5.15 However… If after doing a risk / benefit analysis you determine that it’s not economically or otherwise feasible for you to meet this requirement you need to put in controls to mitigate this risk. They do need to be strong controls because if one side can repudiate then incorrect financial information can be put into the system. It depends also on the dollar amounts that might be repudiated etc etc. I think if you sit down with your controller / CFO etc they can come up with controls to mitigate the repudiation risk.