How to Achieve SOX Compliance Faster

Presented by Laurie LeBlanc
SoftLanding Systems
The Software Management Experts
www.softlanding.com
Agenda
• SOX: Opportunity or Burden?
• IT Control Framework
• Software Tools
– Change Management
– Testing
– Security
• Q&A
The Sarbanes-Oxley Act of 2002
Opportunity or Burden?
An Annual Event
• Title IV Sect 404 - Each annual report must include an “internal control report”
– The CEO/CFO are responsible for an adequate internal control system
– Must identify internal control framework used
– A certified assessment by the CEO/CFO of the control’s effectiveness
– An external auditor must also attest to the accuracy of these assertions
COBIT (Control Objectives for IT)
COBIT - IT Governance Maturity Model
0. Non-Existent
1. Initial / Ad Hoc
2. Repeatable but Intuitive
3. Defined Process
4. Managed and Measurable
5. Optimized
Where Do I Begin?
COBIT,
How Software Products Apply
COBIT and SOX
• 300+ specific COBIT objectives
• Of those, 164 pertain to SOX
• Of those, 64 can be met with SoftLanding tools
For instance…
• Job Change and Termination (PO7.8)
– Management should ensure that appropriate and timely actions are taken regarding job changes and terminations so that internal controls and security are not impaired by such occurrences.
• Software tools do not apply
However…
• System Software Change Controls (AI3.6)
– Procedures should be implemented to ensure that system software changes are controlled in line with the organization’s change management procedures.
• Change Management tools directly apply
SLS Tools and COBIT Objectives
TurnOver Change Management
Reports
Auditing Specific Changes
• Easy to audit full lifecycle
– Initial request
– Task approval
– Development work
– Testing results
– Change approvals
– How & when changes went live
• All from a single iSeries database
TurnOver Change Management
Repeatable process plus:
• Approval enforcement
• Authorities by application & development level
• Change history
• Standardized controls
TurnOver Workflow
COBIT Section AI4 – Develop & Maintain Procedures
Issue Tracking
COBIT Section DS10 – Manage Problems and Incidents
Project Management
COBIT Section PO10 – Manage Projects
Project Management
Repeatable workflow & authorities:
• Save time
• Increase control
• Improve predictability
Development
COBIT Sections AI6 & DS9
– Manage Changes
– Manage the Configuration
Development
TurnOver provides for:
• Object stamping and versioning
• Emergency changes
– Pre-established criteria
– Done within the system
• Audit trail of all program changes
Test & Deploy
COBIT Section AI5 – Install & Accredit System
Test & Deploy
TurnOver will:
• Create/maintain test environments
• Facilitate communication between dev, QA, users & project managers
• Enforce approval procedures
• Provide audit trail
Production
COBIT Objectives AI5.12 & AI6.8
– Promotion to Production
– Distribution of Software
Summary
Testing Tools and COBIT Objectives
TestBench
COBIT Sections AI5 and PO10
- Install/Accredit Systems
- Manage Projects
TestBench
COBIT Objective AI5.7 – Testing of Changes
COBIT Objective AI5.11 – Operational Test
TestBench
COBIT Objectives: AI2.15, AI3.4, AI5.6, 15.8
PO10.8-9, PO10.11
TestBench
COBIT Objective AI5.9 – Final Acceptance Test
SLS Tools and COBIT Objectives
Security Tools
COBIT Section DS5 – Ensure Systems Security
PowerLock NetworkSecurity
Covers COBIT Objectives:
DS5.2, DS5.3, DS5.7, DS5.10 and DS5.11
PowerLock SecurityAudit
Covers COBIT Objectives:
DS5.1, DS5.2, DS5.4, DS5.5, DS5.9, DS5.10
VISUAL Security
Covers COBIT Objectives:
DS5.6, DS5.7, DS5.10 and DS5.11
SoftMenu
Covers COBIT Objectives:
DS5.3, DS5.4, DS5.5 and DS5.9
Experience Counts
"TurnOver and SoftMenu played a big part in our
preparations for Sarbanes-Oxley compliance.
They're always very strong during audits –
they're never challenged."
— Jerry Bell
Director of Systems Development
Oshkosh B'Gosh Inc.
Thank You!
• Contact SoftLanding to discuss how our products can help you achieve SOX compliance faster: (800) 545-9485 or (603) 924-8818
• Email lauriel@softlanding.com for questions related to this presentation
• SoftLanding SOX Resources Page: www.softlanding.com/sox