SOX Testing, IT

One response

1. Hello!

   You can obtain controls related to SOX (Sarbanes-Oxley Act) testing in IT from various resources. Here are some suggestions:

   1. Official Guidelines: The Public Company Accounting Oversight Board (PCAOB) provides frameworks and guidelines that include IT controls relevant to SOX compliance.

   2. COSO Framework: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) offers internal control frameworks that can be helpful. The COSO framework emphasizes the importance of IT general controls in mitigating risk.

   3. Frameworks from ISO and NIST: Look into ISO 27001 for information security management systems and NIST SP 800-53 for a comprehensive set of security controls applicable to federal information systems, which can be adapted for SOX compliance.

   4. Industry Standards and Best Practices: Consider resources from organizations like ISACA, which provides guidance on IT governance, risk management, and controls.

   5. Internal Audit Firms: Many Audit firms publish guides and white papers on SOX compliance that encompass IT controls. Companies like EY, Deloitte, KPMG, and PwC have extensive resources available.

   6. Training and Certification Programs: Organizations such as the Institute of Internal Auditors (IIA) or ISACA offer training and certification programs that cover SOX compliance and IT controls.

   7. Books and Academic Journals: Look for textbooks and journals focused on SOX compliance and IT governance, which can provide insights into control frameworks and specific testing procedures.

   Remember to ensure that any controls you reference are tailored to your organization’s specific IT environment and risk profile. Good luck with your SOX testing efforts!

   Feel free to ask if you need further assistance or specific resources!

   Log in to Reply