White Papers for Sarbanes-Oxley (SOX)

Sarbanes-Oxley and Its Impact on IT Organizations

Computer Associates

There are many elements to the SOX legislation, but Section 404: Management Assessment of Internal
Controls is the part that addresses the internal control over financial reporting, where IAM’s related IT controls need to be carefully considered. Section 404 is creating a challenge for management and is one area where budget for addressing control issues is typically being directed. Compliance with section 404 is also a challenge for the organization’s external auditors who now for the first time must sign-off on management’s assertions regarding the sufficiency of internal controls over financial reporting. This means that IAM related IT controls are one area where the external auditors will be focusing close attention during their audit related activities. Assuming your company must comply with SOX, the internal control report must address, among other requirements, management’s assessment of the effectiveness of the company’s internal control over financial reporting. It must also include a statement as to whether or not the
company’s internal control over financial reporting is effective. As will be discussed below, many of the relevant internal controls can often be best-addressed using IAM solutions.

View the White Paper

Share or bookmarklet this web page at: