AS400 Sox Control Help 1694



  • I am looking for help on comprising a list of controls to be tested on the AS400 system security level, not the OS level. I know a few controls that need to be tested: User Level, passwords, locked out accounts, deleted accounts and account changes. Can someone provide me with a list to help me out 😄



  • Hi Mike and welcome to the forums 🙂
    While SOX 404 standards advocate best security practices for IT financial systems, they do this in a generic fashion. It is not vendor specific as corporations may have a wide range of implementations for their financial systems (e.g., server, midrange, or mainframe type applications).
    For the most part SOX IT recommendations would follow the traditional recommended guidelines on most audit checklists. For SOX related IT audits, the emphasis will be on technological and workflow controls related to the AS/400 environment.
    I’ve read that most external auditors use the COBIT 4.0 standards as guidelines for compliancy checklists, so this is worthwhile to review:
    Home page for COBIT 4.0 standards
    Please add www and paste into browsers as direct links aren’t allowed in forums
    isaca.org/cobit/
    google.com/search?hl=en-and-q=cobit 4.0
    There are some good AS/400 related links that might help as well:
    AS/400 SOX related links
    google.com/search?-and-q=sox as400 security recommendations
    ahtechnology.com.au/SOXRequirementsWhitePaper.pdf
    Good luck 🙂



  • Thank you. 😄



  • There are a number of reasonable free audit programmes at auditnet.org - requires registration though.

