Sarbanes-Oxley IT Compliance Using Open Source Tools
eBook (ePub), 466 pages, English
About this book

The Sarbanes-Oxley Act (officially titled the Public Company Accounting Reform and Investor Protection Act of 2002), signed into law on 30 July 2002 by President Bush, is considered the most significant change to federal securities laws in the United States since the New Deal. It came in the wake of a series of corporate financial scandals, including those affecting Enron, Arthur Andersen, and WorldCom. The law is named after Senator Paul Sarbanes and Representative Michael G. Oxley. It was approved by the House by a vote of 423-3 and by the Senate 99-0.

This book illustrates the many Open Source cost-saving opportunities that public companies can explore in their IT enterprise to meet the mandatory compliance requirements of the Sarbanes-Oxley Act. It also demonstrates, by example and technical reference, both the infrastructure components for Open Source that can be made compliant and the Open Source tools that can aid in the journey to compliance. Although many books and reference materials have been written on the financial and business side of SOX compliance, very little material directly addresses the information technology considerations, and even less covers how Open Source fits into that discussion.

Each chapter begins with the IT business and executive considerations of Open Source and SOX compliance. The remainder of the chapter consists of specific examinations of the Open Source applications and tools that relate to the given subject matter.

  • The only book that shows companies how to use Open Source tools to achieve SOX compliance, which dramatically lowers the cost compared with proprietary, commercial applications.
  • The only SOX compliance book that specifically details the steps IT professionals must take to achieve SOX compliance.

Authors: Christian B Lahti and Roderick Peterson. Subject: Computer Science & Computer Science General.

Information

Chapter 1 Overview – The Goals of This Book

Solutions in this chapter:
  • IT Manager Bob – The Nightmare
  • What This Book Is
  • What This Book Is Not
  • Why Open Source
  • VM Spotlight: CentOS Linux Distribution
  • Case Study: NuStuff Electronics, an Introduction
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

IT Manager Bob – The Nightmare

“There’s no doubt that 404 goes too far, you end up documenting things for the sake of documenting them, even if your judgment says you’ve gone a bit overboard.”
–Bruce P. Nolop, CFO, Pitney Bowes

The above quote refers to Pitney Bowes’s first-year audit effort, in which the company developed tests for 134 processes and more than 2,000 controls across 53 locations and ultimately found no significant weaknesses. We can only imagine the onerous task of managing such a huge compliance effort, and can sympathize and agree with Mr. Nolop’s final assessment of the outcome. Rather than jump ahead into the language and jargon of compliance, let’s step back for a moment and consider a day in the life of Information Technology (IT) Manager Bob.
It’s Monday morning and you have barely had enough time to get your first cup of coffee and log in to check server availability before it starts—your first user call—the Human Resources (HR) Manager system won’t boot. After going through the usual—making sure that the correct power button is being pressed, checking to see that it’s plugged in, checking the outlet, and so on, you decide, since the HR Manager has a tendency to escalate problems to the Chief Executive Officer (CEO), you will go to the HR Manager’s desk to see if you can determine what the problem might be. After querying the HR Manager more intently, you quickly determine the cause of the problem. Apparently, in an attempt to be “Green,” the HR Manager turned off the power strip for her PC the Friday before she left work. Well, you guessed it, although she checked to see that everything was plugged in, she never noticed her power strip was off. As you’re walking back you think to yourself, well, looks like this Monday is not going to be any different from any other Monday—or so you think.
After returning back from the HR Manager’s desk, you take a quick look at your calendar to see what is on your agenda for the day (Figure 1.1). As usual there are more tasks than time to complete them.
[Figure 1-1 IT Manager Bob’s Calendar]
You’re halfway through your second meeting when your cell phone rings. You look down at the number and immediately realize it is the CEO’s admin. You think about the user this morning, and think, great, she can’t switch on a power strip and she still escalates to the CEO. To your surprise, the CEO has asked that you attend a meeting with him, the Chief Information Officer (CIO), and the Controller to discuss this “SOX” thing. You look down to make sure your socks are matching, wondering why on earth they would be concerned with such a nonsensical thing as you enter the meeting. The expected crowd is there as you settle in, along with a couple of those slightly familiar faces you have seen floating about. “Bob, this is Bill and Jane from WeHelpU Consulting, and they have been spending the past couple of months helping us to prepare for our Sarbanes-Oxley compliance audit,” says the CEO by way of introduction. The consultants go on to explain that they are there to help finance analyze their business processes and reporting structures for the financial chain. After a few minutes, your eyes begin to glaze over so you decide to read your e-mail. After all, meetings seem like the best time to catch up on this sort of thing. You nod a few times when your name is mentioned, catching phrases here and there like “control objectives” and “material weakness” … say that doesn’t sound too good.
Wait a minute! You suddenly realize these people have been here for several months and you are just now getting sucked into something that you instantly know you really don’t want any part of, but it is becoming apparent that, unfortunately, you will have no choice in the matter. To top it off, these people are all acting as if you have been clued in from day one! “Okay, no problem,” you say after listening to them intently. “We will just revamp the old audit material from last year and add to it what we need.” Everyone agrees that it sounds like a reasonable place to start, and the meeting is adjourned, but somewhere in the back of your mind something tells you this is going to be anything but an ordinary IT audit. In this particular instance, you decide that it would be unwise to ignore that feeling, and that you had better find out more about this Sarbanes-Oxley thing, and PDQ (Pretty Darn Quick). Just then you realize this whole thing seems like a nightmare, and you are right. Whether as a result of your quickened heartbeat, sweating palms, or throbbing headache, you snap out of your Sarbanes-Oxley-induced nightmare back to the realization that you’ve passed your first-year Sarbanes-Oxley compliance audit. You breathe a sigh of relief as you revel in the knowledge that the worst is over. Or is it? Just as you begin to relax again, you hear the sound of your CEO’s voice asking you, “What is the impact of AS5 on our Sarbanes-Oxley compliance? How do our ITIL activities impact Sarbanes-Oxley?” You think to yourself, the nightmare continues.
Whether this story is similar to yours, the simple fact is that as an IT professional, whether you are a syst...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Lead Authors
  6. Contributing Authors
  7. Chapter 1: Overview – The Goals of This Book
  8. Chapter 2: Introduction to the Companion DVD
  9. Chapter 3: SOX and Compliance Regulations
  10. Chapter 4: What’s In a Framework?
  11. Chapter 5: The Cost of Compliance
  12. Chapter 6: What’s First?
  13. Chapter 7: What’s Second
  14. Chapter 8: Are We There Yet?
  15. Chapter 9: Finally, We’ve Arrived
  16. Chapter 10: Putting It All Together
  17. Appendix A: COBIT Control Objectives
  18. Appendix B: ITIL Framework Summary
  19. Appendix C: GNU General Public Licenses
  20. Index