Compliance Effort: Start Point?

  • Due to the unavailable resources in IT, I am the designated IT compliance person.
    I’ve been involved with SOX projects but have never spearheaded any compliance effort for IT overall… (unless it’s SOX related)…
    Any suggestions or advice on where I should begin?
    I would appreciate your feedback and direction greatly.

  • This can actually be a good thing. Since you have SOX knowledge from the business perspective, you can apply what you know to make your IT compliance more efficient.
    For a starting point in your research, IT controls will need to be broken into two categories: General Controls and Application Controls. The one guiding principle to keep in mind throughout your IT compliance is that you only need to evaluate the systems and processes that end up affecting your key controls over financial reporting.
    So your starting point should be your normal SOX key controls, then you should work backwards to determine which systems and processes in those systems need to be included in your documentation and testing.

  • Thank you so much for your reply.
    Your feedback and guidance are greatly appreciated.

  • Soxgal,
    How is your IT compliance project going?
