The Sarbanes Oxley Act :: View topic - Sarbanes Oxley Training tailored to satisfy COBIT

Sarbanes Oxley Training tailored to satisfy COBIT

 
lekatis (SoxGuru)
Joined: Feb 15, 2005
Posts: 302
Location: USA

Posted: Tue Aug 30, 2005 5:35 am    Post subject: Sarbanes Oxley Training tailored to satisfy COBIT

From my new web site, sarbanes-oxley-training.com

Sarbanes Oxley and Control Frameworks
COSO is the framework on controls for financial processes, accuracy of the data, and confidence in accounting procedures.

COBIT is an IT control framework. Almost all companies use COBIT for Sarbanes Oxley compliance to address the IT issues.

Sarbanes Oxley, Control Frameworks and Training Requirements

COBIT Framework, Planning & Organization
High-Level Control Objective: PO 7 - Manage Human Resources
Detailed control objective: PO 7.1 - Personnel Recruitment and Promotion

“Management should implement and regularly assess the needed processes to ensure that personnel recruiting and promotion practices are based on objective criteria and consider education, experience and responsibility. Management should ensure that knowledge and skill needs are continually assessed and that the organization is able to obtain a workforce that has the skills which match those necessary to achieve organizational goals”

Detailed control objective: PO 7.2 - Personnel Qualifications
“IT management should regularly verify that personnel performing specific tasks are qualified on the basis of appropriate education, training and/or experience, as required”

Detailed control objective: PO 7.4 - Personnel Training
“Management should ensure that employees are provided with orientation upon hiring and with on-going training to maintain their knowledge, skills, abilities and security awareness to the level required to perform effectively. Education and training programmes conducted to effectively raise the technical and management skill levels of personnel should be reviewed regularly”

COBIT Framework, Planning & Organization
High-Level Control Objective: PO 10 – Manage Projects
Detailed control objective: PO 10.12 – Training Plan

“The organization’s project management framework should require that a training plan be created for every development, implementation and modification project”

COBIT Framework, Delivery & Support
High-Level Control Objective: DS 7 - Educate and Train Users
Detailed control objective: DS 7.1 - Identification of Training Needs

“In line with the long-range plan, management should establish and maintain procedures for identifying and documenting the training needs of all personnel using information services. A training curriculum for each group of employees should be established”

Detailed control objective: DS 7.2 – Training Organization
"Based on the identified needs, management should define the target groups, identify and appoint trainers, and organize timely training sessions. Training alternatives should also be investigated (internal or external location, in-house trainers or third-party trainers, etc.)"

Detailed control objective: DS 7.3 – Security Principles and Awareness Training
“All personnel must be trained and educated in system security principles, including periodic updates with special focus on security awareness and incident handling. Management should provide an education and training programme that includes: ethical conduct of the IT function; security practices to protect against harm from failures affecting availability, confidentiality, integrity and performance of duties in a secure manner”


COBIT - IT Governance Maturity Model and Training Requirements

The COBIT Maturity Model allows an organization to grade itself from nonexistent (0) to optimized (5). Such capability can be exploited by auditors to help management fulfill its IT governance responsibilities.

0 Non-existent - No compliance training

1 Initial / Ad Hoc - No compliance training

2 Repeatable but Intuitive - There is no formal training and communication on standards, responsibilities are left to the individual

3 Defined Process - Management has communicated standardized procedures and informal training is established

4 Managed and Measurable - There is full understanding of IT governance issues at all levels, supported by formal training

5 Optimized - There is advanced and forward-looking understanding of IT governance issues and solutions. Training and communication is supported by leading edge concepts and techniques. Processes have been refined to a level of external best practice, based on results of continuous improvement and maturity modeling with other organizations.

The Sarbanes Oxley Training must help the organization move beyond Maturity Level 3. Level 5 maturity is the ultimate goal.

COBIT - Critical Success Factors (CSF) and Key Goal Indicators (KGI)

We need to define Critical Success Factors (CSFs, critical factors to achieve in order to meet the training objectives) and Key Goal Indicators (KGIs, measurable indicators of the training / process achieving its goals / process objectives).
_________________
George Lekatis
President of the Sarbanes Oxley Compliance Professionals Association (SOXCPA)
www.sarbanes-oxley-association.com
All times are GMT - 6 Hours