IT Controls

This publication provides CIOs, IT managers, and control and assurance professionals with scoping and assessment ideas, approaches and guidance in support of the IT-related Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control objectives for financial reporting. Enhancements include:

  • Focus on scoping and assistance in performing an IT risk assessment for Sarbanes-Oxley
  • Insights into cultural and people management issues to highlight the human factors that need to be considered when complying with Sarbanes-Oxley
  • Added guidance on application controls to assist companies in identifying and addressing various types of application controls, along with a business case for using application controls
  • Changes to the readiness road map to simplify the process
  • Cross-references to COBIT 4.0 processes
  • Guidance on segregation of duties for significant applications
  • Issues in and approach for using SAS 70 examination reports

The second edition was also updated for recent SEC and PCAOB guidance related to entity-level controls, the risk-based/top-down approach, application controls and evaluation of deficiencies.