White Papers for Sarbanes-Oxley (SOX)
IT Automation: Improving Processes and Reducing the Cost of Compliance
Symark Software
IT professionals are well aware of the pains associated with SOX compliance, from the ongoing testing of IT controls to the escalating costs to the burden on limited staff resources. Thanks to some recent changes to SOX regulations, companies that automate anti-fraud IT controls -- including those surrounding privileged user accounts -- have the opportunity to reduce the high costs of SOX testing and reap the benefits of a process-driven approach to compliance.
With the May 2007 adoption of Auditing Standard No. 5 (AS 5), internal and external auditors now have greater authority in making judgments about which IT general controls must be tested, and can focus their attention on the ones that relate to processes that should help a company avoid material weaknesses in financial statements. The savings can be substantial, now that auditors can be guided by their own judgments and scoping methodologies such as the Guide to the Assessment of IT (GAIT) General Controls Scope Based on Risk.
But to realize these savings, companies need to automate their anti-fraud controls. Manual controls, for the most part, simply aren't as effective, and they're certainly more time-consuming to test. Two of the biggest areas where improvement and automation are needed are default user names and passwords in vendors' products that are never changed or removed, and thus can be used to perpetrate fraud; and the root/administrator password that, if freely shared, can give fraudsters the anonymous ability to access an in-scope financial system and change its data or schema.
For auditors, it's all about accountability and the proper identification of users and their activities -- and specifically the privileged account users who administer corporate systems. Companies that automate these processes will not only reduce the cost of SOX compliance, but they will have best practices in place to better protect proprietary information and systems.