COBIT 4.0 with SOX

  • To,

    Can you help me understand the impact of the COBIT 4.0 version on mapping it with the Sarbanes-Oxley Act?

  • Amit,
    In order to comply with Sarbanes Oxley, you need to understand the COSO framework. The most important message from COSO: Before speaking about risks, have business objectives. The real risk is not to meet these objectives.
    MISSION… STRATEGY… ENTITY WIDE OBJECTIVES… ACTIVITY WIDE OBJECTIVES… RISKS (not to meet these objectives)… CONTROLS (what you do for these risks).
    This is the COSO risk assessment. We do not speak about risks from hackers and enemies… we speak about the risk not to meet our business objectives.
    COBIT (version 3 and 4) has ready IT objectives.
    You do not have to comply with COBIT; you only ‘borrow’ these IT objectives and use them in your COSO documentation.
