Data Governance and SOX 2710



  • Hi all,
    I am in search of information on the relationship between data governance and SOX.
    As a data governance initiative, what formalities can we satisfy for SOX?
    What sections can be covered under data governance or IT security?
    Please reply fast.
    Nisman



  • Hi Nisman and welcome to the forums 🙂
    The data governance and IT security topics are very broad and I’ll share some quick ideas along with resources that might help.
    Briefly, SOX 404 is to ensure the IT controls and security are in place for automated financial systems and their associated workflows. The key goal is to ensure controls will prevent exposures from occurring that could develop into material weaknesses.
    From a data governance standpoint, you need checks-and-balances, so that someone can’t commit fraudulent transactions. This may be accomplished through autonomy levels, separation-of-duties and other classical approaches. A person should not be able to create fake transactions or embezzle $$$ in any manner.
    Secondly, production data must be properly protected so that unauthorized users cannot change it. Strict security-controlled boundaries between test/UAT/prod are often used. Any emergency repairs to data should be well controlled.
    Data governance could vary some from company to company. Essentially, it’s up to each company to assess their risks and implement the most effective control programs for their financial data and the associated processing systems.
    Your external SOX auditor is usually a good resource to design effective controls and answer this question more specifically for your company. COBIT 4.x standards are also used as a framework by many SOX auditors to assess controls and a copy of these detailed IT related guidelines can be found here:
    http://www.sarbanes-oxley-forum.com/modules.php?name=Forums&file=viewtopic&t=1920
    Some possible links may be found in this search (please copy/paste to browser as external links aren’t permitted in forums):
    http://www.google.com/search?hl=en&q=sox data governance
    I’m not certain if my generalized answers were helpful, so please ask further questions if needed 🙂



  • Thanks herry,
    Let me go through the documents. I will get back to you with any queries, which I am very sure will come 🙂
    Regards
    Nisman

