Security Auditing 38



  • Hi,
    what are the implications of the SOX act on the security auditing?
    Thanks



  • This post is deleted!


  • This post is deleted!


  • As with many aspects of legislation, being SEEN to take the correct actions can sometimes be as important as taking them. This is one of the reasons why many are beginning to follow the ISO 17799 security standard for information security and auditing. For more information on this standard, there is a link to the ISO17799 Newsletter in the left hand panel of this page.



  • IT Security is considered as a general IT control.
    That’s because security applies to many systems which also have impact on the financial statement preperation e.g. SAP. The impact of a not secure infrastructure will be that accounting principles are to be questioned and therefore the correctness of the accounting records.
    You can imagine what that means in terms of financial misstatement risk.
    Mostly IT dept. will have a general IT security police in place. That’s fine, but if you don’t have one, keep in mind that you ‘only’ need to cover the systems involved in the financial processes.
    But it makes sence to cover the hole infrastucture.


Log in to reply