The abrupt failures of Silicon Valley Bank and Signature Bank, and subsequent concerns about the stability of other banks, have reignited a fierce debate among lawmakers and industry leaders about an array of reporting reforms and regulatory changes. Where does Sarbanes-Oxley stand given the current conditions?
The audit spotlight now shines on enterprises in all industries. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work.
Sarbanes-Oxley Section 404 requires that:
Enterprises have an enterprise-wide security policy;
Enterprises have an enterprise-wide classification of data for security, risk, and business impact;
Enterprises have security-related standards and procedures;
Enterprises have formal security-based documentation, auditing, and testing in place;
Enterprises enforce separation of duties; and
Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.
To that end, Janco has revamped its SOX Checklist and provided a spreadsheet that helps organizations to: