    Sarbanes Oxley Corporate Governance Forum

    Control Methodologies

    • D

      COBIT Mapping: Mapping ISO/IEC 17799: 2000 With COBIT 811
      • dhanks  

      1
      0
      Votes
      1
      Posts
      620
      Views

      No one has replied

    • M

      Data Management 1629
      • Monk  

      1
      0
      Votes
      1
      Posts
      867
      Views

      No one has replied

    • B

      My organization wants to implement COBIT. Where do I start? 2334
      • bertbarndoor  

      1
      0
      Votes
      1
      Posts
      566
      Views

      No one has replied

    • H

      Microsoft PCI/DSS Compliance Planning Guide 2760
      • harrywaldron  

      1
      0
      Votes
      1
      Posts
      595
      Views

      No one has replied

    • B

      SOX and Risk assessment 891
      • Bhoopendra  

      1
      0
      Votes
      1
      Posts
      621
      Views

      No one has replied

    • M

      Anti-fraud controls 925
      • Mocha  

      1
      0
      Votes
      1
      Posts
      574
      Views

      No one has replied

    • M

      Which Cobit Processes Most Relate to SOX 927
      • marge  

      1
      0
      Votes
      1
      Posts
      536
      Views

      No one has replied

    • M

      Sample of Internal control report under section 404 1065
      • mikeladios  

      1
      0
      Votes
      1
      Posts
      635
      Views

      No one has replied

    • B

      SOX and Risk assessment 891
      • Bhoopendra  

      1
      0
      Votes
      1
      Posts
      535
      Views

      No one has replied

    • M

      Anti-fraud controls 925
      • Mocha  

      1
      0
      Votes
      1
      Posts
      532
      Views

      No one has replied

    • M

      Sample of Internal control report under section 404 1065
      • mikeladios  

      1
      0
      Votes
      1
      Posts
      512
      Views

      No one has replied

    • H

      IT Standards - Link discusses history 1725
      • harrywaldron  

      1
      0
      Votes
      1
      Posts
      567
      Views

      No one has replied

    • A

      new COSO guidance coming soon? 2105
      • Albie  

      1
      0
      Votes
      1
      Posts
      851
      Views

      No one has replied

    • A

      IT controls objectives for Sarbanes-Oxley Discussion 2274
      • AuditorSox  

      1
      0
      Votes
      1
      Posts
      592
      Views

      No one has replied

    • D

      COSO Guidance - Monitoring 2470
      • Denis  

      1
      0
      Votes
      1
      Posts
      550
      Views

      No one has replied

    • H

      Free COBIT 5 PDF copy by registering with ISACA 1920
      • harrywaldron  

      1
      0
      Votes
      1
      Posts
      617
      Views

      No one has replied

    • S

      NSAR - no self assessement 2916
      • selena151  

      1
      0
      Votes
      1
      Posts
      505
      Views

      No one has replied

    • S

      Operational review 2917
      • selena151  

      1
      0
      Votes
      1
      Posts
      556
      Views

      No one has replied

    • S

      Impact of COSO Frameworks on scope of Internal Controls 11
      • SOX-Migration  

      6
      0
      Votes
      6
      Posts
      964
      Views

      H

      We also tried to bring an integrated approach to life. But that didn’t really work out and got most of the people involved confused. There’s a thin line between SOX and risk management. And most of the people can’t see the difference between operational risk, which mainly causes economic loss, and financial misstatement risks. Yes - both are process related, but the goals are different and therefore the requirements. After changing to push only SOX and postpone the risk management assessment until after SOX implementation, we’re doing quite well. Even though we’re not required to, we will finish the SOX project by the end of 2004. By then we’ll have implemented COSO and CObIT for SOX purposes and can start from there with our risk management project.
    • S

      CISP and SOX 107
      • SOX-Migration  

      4
      0
      Votes
      4
      Posts
      605
      Views

      S

      Non-repudiation appears to be part of SOX, am I right? But not part of CISP (strangely) - anyone know? I will fail SOX but not fail CISP if I don’t have non-repudiation of credit card transactions?? Non-repudiation is an objective in both Cobit and COSO. ‘Where appropriate, controls exist to ensure that transactions cannot be denied by either party and that controls are implemented to provide nonrepudiation of origin or receipt, proof of submission and receipt of transactions.’ DS 5.15 However… If after doing a risk / benefit analysis you determine that it’s not economically or otherwise feasible for you to meet this requirement, you need to put in controls to mitigate this risk. They do need to be strong controls because if one side can repudiate then incorrect financial information can be put into the system. It depends also on the dollar amounts that might be repudiated etc etc. I think if you sit down with your controller / CFO etc they can come up with controls to mitigate the repudiation risk.