Wednesday, September 07, 2005
Integrating IT Controls and Sarbanes-Oxley
IT is often new territory for both internal and external auditors. IT entity-level, general, and application controls have not been a traditional education focus in business schools or training through companies and public accounting firms. Although this is now changing, the learning curve is not necessarily easy, as voiced by companies and auditors alike in response to Section 404 challenges and escalating costs.
A company's tone at the top, starting with its chief executive officer (CEO), drives its control environment and is considered the foundation of all controls. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) helped set the stage through its Internal Control – Integrated Framework, by defining control environment as "an atmosphere in which people conduct their activities and carry out their control responsibilities." Documenting, testing, and reporting on an atmosphere is new territory for many. Fortunately, the COSO framework provides solid guidance to accomplish this feat.
posted by Brian Moran @ 10:33 AM