Www.softlanding.com The Software Management Experts How to Achieve SOX Compliance Faster Presented...

transcript

www.softlanding.comThe Software Management Experts

How to Achieve SOX Compliance Faster

Presented by Laurie LeBlancSoftLanding Systems

Agenda

• SOX : Opportunity or Burden?• IT Control Framework• Software Tools

– Change Management– Testing– Security

• Q & A

Opportunity or Burden?

The Sarbanes - Oxley Act of 2002

An Annual Event

• Title IV Sect 404 - Each annual report must include an “internal control report”

– The CEO/CFO are responsible for an adequate internal control system

– Must identify internal control framework used– A certified assessment by the CEO/CFO of the

control’s effectiveness– An external auditor must also attest to the

accuracy of these assertions

COBIT (Control Objectives for IT)

COBIT - IT Governance Maturity Model

0. Non-Existent

1. Initial / Ad Hoc

2. Repeatable but Intuitive

3. Defined Process

4. Managed and Measurable

5. Optimized

Where Do I Begin?

COBIT, How Software Products Apply

• 300+ specific COBIT objectives• Of those, 164 pertain to SOX • Of those, 64 can be met with SoftLanding

COBIT and SOX

For instance…

• Job Change and Termination (P07.8)– Management should ensure that appropriate

and timely actions are taken regarding job changes and terminations so that internal controls and security are not impaired by such occurrences.

• Software tools do not apply

However…

• System Software Change Controls (A13.6)– Procedures should be implemented to ensure

that system software changes are controlled in line with the organization’s change management procedures.

• Change Management tools directly apply

SLS Tools and COBIT Objectives

TurnOver Change Management

Reports

Auditing Specific Changes

• Easy to audit full lifecycle– Initial request– Task approval– Development work– Testing results– Change approvals– How & when changes went live

• All from a single iSeries database

TurnOver Change Management

Repeatable processplus:• Approval enforcement• Authorities by

application & development level

• Change history• Standardized controls

TurnOver Workflow

COBIT Section A14 – Develop & Maintain Procedures

Issue Tracking

COBIT Section DS10 – Manage Problems and Incidents

Issue Tracking

Project Management

COBIT Section PO10 – Manage Projects

Project Management

Repeatable workflow& authorities:• Save time• Increase control• Improve predictability

Project Management

Development

COBIT Sections A16 & DS9 – Manage Changes – Manage the Configuration

Development

TurnOver provides for:• Object stamping and versioning• Emergency changes

– Pre-established criteria– Done within the system

• Audit trail of all program changes

Test & Deploy

COBIT Section A15 – Install & Accredit System

Test & Deploy

TurnOver will:• Create/maintain test environments• Facilitate communication between

dev, QA, users & project managers• Enforce approval procedures• Provide audit trail

Test & Deploy

Production

COBIT Objectives A15.12 & A16.8 – Promotion to Production – Distribution of Software

Production

Summary

Testing Tools and COBIT Objectives

TestBench

COBIT Sections A15 and PO10 - Install/Accredit Systems - Manage Projects

TestBench

COBIT Objective A15.7 – Testing of Changes

COBIT Objective A15.11 – Operational Test

TestBench

COBIT Objectives: A12.15, A13.4, A15.6, 15.8 PO10.8-9, PO10.11

TestBench

COBIT Objective A15.9 – Final Acceptance Test

SLS Tools and COBIT Objectives

Security Tools

COBIT Section DS5 – Ensure Systems Security

PowerLock NetworkSecurity

Covers COBIT Objectives: DS5.2, DS5.3, DS5.7, DS5.10 and DS5.11

Covers COBIT Objectives:

DS5.1, DS5.2, DS5.4, DS5.5, DS5.9, DS5.10

PowerLock SecurityAudit

VISUAL Security

Covers COBIT Objectives: DS5.6, DS5.7, DS5.10 and DS5.11

SoftMenu

Covers COBIT Objectives: DS5.3, DS5.4, DS5.5 and DS5.9

Experience Counts

"TurnOver and SoftMenu played a big part in our

preparations for Sarbanes-Oxley compliance.

They're always very strong during audits –

they're never challenged."

— Jerry Bell Director of Systems Development Oshkosh B'Gosh Inc.

Thank You!

• Contact SoftLanding to discuss how our products can help you achieve SOX compliance faster:

(800) 545-9485 or (603) 924-8818

• Email lauriel@softlanding.com: For questions related to this Presentation

• SoftLanding SOX Resources Page:www.softlanding.com/sox

Www.softlanding.com The Software Management Experts How to Achieve SOX Compliance Faster Presented...

Documents