| Preface |
|
13 | (2) |
| What This Book Covers |
|
15 | (2) |
| This Book's Target Audicence |
|
17 | (1) |
| How to Use This Book |
|
18 | (1) |
|
Part 1: Sarbance Oxley and Regulatory Agencies |
|
|
|
Sarbances Oxley Highilights |
|
|
19 | (10) |
|
|
|
20 | (2) |
|
|
|
22 | (2) |
|
|
|
24 | (1) |
|
|
|
24 | (2) |
|
|
|
26 | (1) |
|
|
|
27 | (2) |
|
Regulatory Agencaies and Control Frameworks |
|
|
29 | (12) |
|
|
|
30 | (1) |
|
|
|
31 | (1) |
|
|
|
31 | (1) |
|
Foreign Corrupt practices ACt |
|
|
32 | (1) |
|
|
|
32 | (1) |
|
|
|
32 | (2) |
|
|
|
34 | (1) |
|
|
|
35 | (1) |
|
|
|
35 | (1) |
|
POB Report on Audit Effectivess |
|
|
36 | (1) |
|
|
|
36 | (1) |
|
|
|
37 | (1) |
|
|
|
37 | (2) |
|
|
|
39 | (2) |
|
Part 2: Controls and IT Infrastructure |
|
|
|
|
|
41 | (12) |
|
|
|
42 | (1) |
|
|
|
43 | (1) |
|
|
|
44 | (2) |
|
|
|
46 | (1) |
|
|
|
47 | (4) |
|
|
|
51 | (2) |
|
|
|
53 | (16) |
|
|
|
54 | (1) |
|
|
|
55 | (3) |
|
|
|
58 | (9) |
|
|
|
67 | (2) |
|
Establishment of a Sound It Control Insfrastructure |
|
|
69 | (18) |
|
|
|
70 | (1) |
|
|
|
71 | (1) |
|
|
|
72 | (3) |
|
|
|
75 | (3) |
|
|
|
78 | (1) |
|
|
|
78 | (7) |
|
|
|
85 | (1) |
|
|
|
85 | (2) |
|
Proactive IT Control Acativities |
|
|
87 | (1) |
|
|
|
88 | (1) |
|
|
|
89 | (4) |
|
|
|
93 | (1) |
|
|
|
94 | (1) |
|
|
|
95 | (7) |
|
|
|
102 | (5) |
|
Independent External Assessements |
|
|
107 | (1) |
|
|
|
108 | (12) |
|
Assesemnt of IT Copntrols and Evaluation of Effectiveness |
|
|
111 | (108) |
|
|
|
112 | (1) |
|
validate and Record Issues |
|
|
112 | (1) |
|
|
|
113 | (2) |
|
Establidh Correvtive Action Plans |
|
|
115 | (1) |
|
|
|
115 | (1) |
|
Review with Audit Committee |
|
|
115 | (1) |
|
Assessemnt of Control postru |
|
|
116 | (1) |
|
Risk Assessemnts on SOX Recommendations |
|
|
116 | (1) |
|
|
|
116 | (1) |
|
|
|
117 | (2) |
|
Part 2: The audit Process |
|
|
|
|
|
119 | (14) |
|
|
|
120 | (2) |
|
|
|
122 | (1) |
|
|
|
123 | (1) |
|
|
|
124 | (2) |
|
|
|
126 | (1) |
|
|
|
127 | (1) |
|
|
|
128 | (1) |
|
|
|
128 | (1) |
|
|
|
128 | (1) |
|
Final Audit Reprot Distirbution |
|
|
129 | (1) |
|
Final Audit Report Response |
|
|
129 | (1) |
|
|
|
130 | (3) |
|
Sarbanes Oxley Audit Process |
|
|
133 | (10) |
|
|
|
134 | (1) |
|
|
|
134 | (1) |
|
|
|
134 | (2) |
|
Similarities to Traditional audit prcess |
|
|
136 | (1) |
|
Differences with Traditional Audit Processes |
|
|
136 | (4) |
|
|
|
140 | (3) |
|
|
|
|
DevelopmentMaintenance Methodolgy and Prohect Management |
|
|
143 | (20) |
|
|
|
144 | (2) |
|
|
|
146 | (3) |
|
work Management Maethodology |
|
|
149 | (7) |
|
|
|
156 | (1) |
|
|
|
157 | (2) |
|
|
|
159 | (1) |
|
|
|
160 | (3) |
|
Production Cahgne Mangement |
|
|
163 | (1816) |
|
|
|
164 | (1) |
|
|
|
165 | (3) |
|
|
|
168 | (1) |
|
|
|
169 | (1) |
|
|
|
170 | (1) |
|
|
|
171 | (4) |
|
|
|
175 | (5) |
|
|
|
179 | (1) |
|
|
|
180 | (2) |
|
|
|
182 | (1) |
|
Application Documentation |
|
|
183 | (1) |
|
Input contols/Outpurt Controls/Interface Controls |
|
|
183 | (2) |
|
|
|
185 | (1) |
|
|
|
186 | (1) |
|
Application Access Contols |
|
|
187 | (3) |
|
Data Calssification Controls |
|
|
190 | (1) |
|
|
|
191 | (1) |
|
|
|
192 | (1) |
|
|
|
193 | (2) |
|
|
|
195 | (1) |
|
|
|
196 | (2) |
|
Security Responsibilities |
|
|
198 | (1) |
|
|
|
199 | (9) |
|
|
|
208 | (7) |
|
|
|
215 | (1) |
|
|
|
216 | (1) |
|
|
|
|
|
|
217 | (8) |
|
|
|
218 | (1) |
|
|
|
219 | (1) |
|
|
|
220 | (1) |
|
|
|
221 | (2) |
|
|
|
223 | (2) |
|
Outsourcing IT Contols (SaS70) |
|
|
225 | (11) |
|
|
|
226 | (1) |
|
|
|
227 | (1) |
|
|
|
228 | (2) |
|
|
|
230 | (2) |
|
The Decision for a SAS70 report |
|
|
232 | (2) |
|
Timing of the SAS70 Audit |
|
|
234 | (1) |
|
Difference between a SAS70 Audit and a Traditiona audit |
|
|
234 | (1) |
|
Effect of SAS70 on Outsourcing |
|
|
235 | (1) |
| Summary |
|
236 | |
