An updated edition of the globally demanded IT Control Objectives for Sarbanes-Oxley was released today by the nonprofit, independent IT Governance Institute (ITGI) and is available as a complimentary download at www.itgi.org.
The first edition of the guidance, published in 2004, has been downloaded more than a quarter of a million times. Companies around the world have used it as a tool for evaluating information technology controls in support of Sarbanes-Oxley compliance and other global financial reporting requirements.
Experts from many organizations and issuers, including the top 10 accounting and professional firms, provided input and direction for the publication. Ã‚Â The document underwent a 60-day exposure process, and was enhanced based on comments received from more than 100 respondents.
The second edition incorporates many of the lessons learned regarding financial reporting and IT controls since the first edition of the publication was issued—most significantly, the need to take a top-down, risk-based approach in Sarbanes-Oxley compliance programs to ensure that sufficient attention is given to high-risk areas. Additional enhancements include:
Ã‚Â·Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â A stronger focus on scoping and risk assessment
Ã‚Â·Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Specific guidance on prioritizing and defining relevant controls
Ã‚Â·Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Details on identifying and addressing application controls and providing a business case for using them
Ã‚Â·Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â A simplified readiness road map
Ã‚Â·Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â A cross-reference to CobiT 4.0 processes
Ã‚Â·Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Insights into cultural and people management issues to highlight the human factors that need to be considered when complying with Sarbanes-Oxley