Auditing for Sarbanes-Oxley
This Discussion is based on the following case study and references the optional article, “Overwhelmed by Sarbanes-Oxley.” In this case, the security manager focuses on a SOX audit. He finds that all he needs to do is mention the audit to get the attention of IT managers. He finds that the security-related controls required by SOX can be daunting. He needs to prove that there are many compliance-checking processes in place. SOX requires a “credible body of evidence” demonstrating that a company complies with the identified controls. He focuses on backup processes, database administration, and encryption. He also had to improve wireless security and strengthen audit processes.
• List the key issues to address when preparing for a SOX audit.
• Present an argument that shows how regulations can benefit a company rather than just being seen as an expense and inconvenience.
• List at least three important U.S. or foreign regulations that will require a significant effort to prepare for and comply with, and identify the key security issues for each that should be checked as part of internal audits.