SOX News

New Italian Translation of IT Control Objectives for Sarbanes-Oxley Offers Guidance on Performing IT Assessments

(Nov 28, 2008)-- To help Italian-speaking executives and information technology (IT) professionals focus on scoping and performing an IT assessment for financial reporting controls in line with Sarbanes-Oxley and similar legislation, ISACA has developed an Italian translation of the IT Governance Institute’s (ITGI’s) IT Control Objectives for Sarbanes-Oxley, 2nd Edition. The publication is available as a free download at www.isaca.org/sox.

ITGI is the research affiliate of ISACA, a professional association serving more than 86,000 IT governance professionals in 160 countries.

Two ISACA chapters assisted in the translation of the ITGI publication—the Rome Chapter and the Milan Chapter.

“The new ‘compliance regulations’ of July 2007 issued by the Bank of Italy require a principle-based approach to IT governance based on best practices,” explained Agatino Grillo, board member of the ISACA Rome Chapter. “COBIT is one of the most generally accepted IT frameworks in Italian banks, so we decided to translate IT Control Objectives for Sarbanes-Oxley, 2nd Edition, into Italian to make its adoption by financial institutions easier.”

“The Milan Chapter of ISACA always strives to give members the largest possible number of tools to help them in the IT profession, and this translation is a natural continuation of these efforts,” said Silvano Ongetta, ISACA Milan Chapter president.

IT Control Objectives for Sarbanes-Oxley, first published in 2004 and reissued in an updated version in 2006, has been downloaded nearly half a million times. Companies worldwide have used it as a tool for evaluating IT controls in support of Sarbanes-Oxley compliance and other global financial reporting requirements. Experts from many organizations and issuers, including the top 10 accounting and professional firms, provided input and direction for the publication.

The second edition incorporates the lessons learned regarding financial reporting and IT controls since the first edition was issued—most significantly, the need to take a top-down, risk-based approach in Sarbanes-Oxley compliance programs to ensure that sufficient attention is given to high-risk areas. Additional enhancements include:

* A stronger focus on scoping and risk assessment
* Specific guidance on prioritizing and defining relevant controls
* Details on identifying and addressing application controls and providing a business case for using them
* A simplified readiness road map
* A cross-reference to COBIT 4.0
* Insights into cultural and people management issues to highlight the human factors to consider when complying with Sarbanes-Oxley

Share or bookmarklet this web page at: