How to Achieve SOX Compliance Faster
Presented by Laurie LeBlanc
SoftLanding Systems
The Software Management Experts
www.softlanding.com

Agenda
• SOX: Opportunity or Burden?
• IT Control Framework
• Software Tools
  – Change Management
  – Testing
  – Security
• Q&A

The Sarbanes-Oxley Act of 2002
Opportunity or Burden?

An Annual Event
• Title IV Sect 404 - Each annual report must include an “internal control report”
  – The CEO/CFO are responsible for an adequate internal control system
  – Must identify internal control framework used
  – A certified assessment by the CEO/CFO of the control’s effectiveness
  – An external auditor must also attest to the accuracy of these assertions

COBIT (Control Objectives for IT)
COBIT - IT Governance Maturity Model
0. Non-Existent
1. Initial / Ad Hoc
2. Repeatable but Intuitive
3. Defined Process
4. Managed and Measurable
5. Optimized

Where Do I Begin?

COBIT, How Software Products Apply

COBIT and SOX
• 300+ specific COBIT objectives
• Of those, 164 pertain to SOX
• Of those, 64 can be met with SoftLanding tools

For instance…
• Job Change and Termination (P07.8)
  – Management should ensure that appropriate and timely actions are taken regarding job changes and terminations so that internal controls and security are not impaired by such occurrences.
• Software tools do not apply

However…
• System Software Change Controls (A13.6)
  – Procedures should be implemented to ensure that system software changes are controlled in line with the organization’s change management procedures.
• Change Management tools directly apply

SLS Tools and COBIT Objectives

TurnOver Change Management

Reports

Auditing Specific Changes
• Easy to audit full lifecycle
  – Initial request
  – Task approval
  – Development work
  – Testing results
  – Change approvals
  – How & when changes went live
• All from a single iSeries database

TurnOver Change Management
Repeatable process plus:
• Approval enforcement
• Authorities by application & development level
• Change history
• Standardized controls

TurnOver Workflow
COBIT Section A14 – Develop & Maintain Procedures

Issue Tracking
COBIT Section DS10 – Manage Problems and Incidents

Project Management
COBIT Section PO10 – Manage Projects

Project Management
Repeatable workflow & authorities:
• Save time
• Increase control
• Improve predictability

Development
COBIT Sections A16 & DS9
  – Manage Changes
  – Manage the Configuration

Development
TurnOver provides for:
• Object stamping and versioning
• Emergency changes
  – Pre-established criteria
  – Done within the system
• Audit trail of all program changes

Test & Deploy
COBIT Section A15 – Install & Accredit System

Test & Deploy
TurnOver will:
• Create/maintain test environments
• Facilitate communication between dev, QA, users & project managers
• Enforce approval procedures
• Provide audit trail

Production
COBIT Objectives A15.12 & A16.8
  – Promotion to Production
  – Distribution of Software

Summary

Testing Tools and COBIT Objectives

TestBench
COBIT Sections A15 and PO10
  – Install/Accredit Systems
  – Manage Projects

TestBench
COBIT Objective A15.7 – Testing of Changes
COBIT Objective A15.11 – Operational Test

TestBench
COBIT Objectives:
A12.15, A13.4, A15.6, 15.8
PO10.8-9, PO10.11

TestBench
COBIT Objective A15.9 – Final Acceptance Test

SLS Tools and COBIT Objectives

Security Tools
COBIT Section DS5 – Ensure Systems Security

PowerLock NetworkSecurity
Covers COBIT Objectives: DS5.2, DS5.3, DS5.7, DS5.10 and DS5.11

PowerLock SecurityAudit
Covers COBIT Objectives: DS5.1, DS5.2, DS5.4, DS5.5, DS5.9, DS5.10

VISUAL Security
Covers COBIT Objectives: DS5.6, DS5.7, DS5.10 and DS5.11

SoftMenu
Covers COBIT Objectives: DS5.3, DS5.4, DS5.5 and DS5.9

Experience Counts
"TurnOver and SoftMenu played a big part in our preparations for Sarbanes-Oxley compliance. They're always very strong during audits – they're never challenged."
— Jerry Bell, Director of Systems Development, Oshkosh B'Gosh Inc.

Thank You!
• Contact SoftLanding to discuss how our products can help you achieve SOX compliance faster: (800) 545-9485 or (603) 924-8818
• Email lauriel@softlanding.com: For questions related to this Presentation
• SoftLanding SOX Resources Page: www.softlanding.com/sox