COBIT and IT Governance Case Study: Jefferson Wells Ensures Effective IT Control for
Sarbanes-Oxley Review
ABSTRACT
A retail/wholesale company had a well-run information technology department, but as
part of a Sarbanes-Oxley audit, it realized it needed to assess and address IT controls.
The company contracted with Jefferson Wells for IT controls assessment. Jefferson Wells
used Control Objectives for Information and related Technology (COBIT), published by
the IT Governance Institute (ITGI), to provide IT management with the guidance that
helped it ensure the organization had effective high-priority controls in place.
BACKGROUND
Jefferson Wells provides professional services in finance and audit. The client in this
case study is a wholesaler/retailer of college textbooks. The company has a corporate
office/warehouse and approximately 250 retail locations in the US. Most of the retail
locations have their own website. The company needed to develop information for a
first-year Sarbanes-Oxley internal review. The corporate office and the retail locations
must also comply with the Payment Card Industry Data Security Standard (PCI DSS)
requirements.
PROCESS
The retailer was preparing for its first-year Sarbanes-Oxley audit and wanted help
evaluating IT controls. The organization had a very stable IT department, so it had never
felt the need to write policies or procedures; everyone simply knew what to do. The
company's main information systems were proprietary and had no requirements or design
documentation.
Jefferson Wells used COBIT to assess existing controls and make recommendations on
new controls. The highest-priority recommendation was to develop a structure of policies
and procedures.
For the IT controls, Jefferson Wells uses an assessment form that maps COSO components
to COBIT control objectives (other mappings are available). Assessment results are
recorded directly in the assessment database, as are the controls, test results and
remediation activities. Standard report formats are produced for each delivery phase.
CONCLUSION
Using COSO as the basis for the required controls, it was easy to demonstrate to the
client's senior managers that they had work to do before they would be compliant. COBIT
helped break the information down into understandable requirements. The company was
also able to exclude from scope any controls that were not required for COSO compliance,
and senior management provided valuable support for the IT governance activities
undertaken using COBIT.
COBIT helped Jefferson Wells provide guidance that let the client address its issues and
improve its processes. Its comprehensive guidance helped the client's organization build
the high-priority controls it needs.
Questions:
• Please summarize the case.
• What is generating all of the extra project requests?
• What problems arise from over-commitment?
• What is your assessment of the company's IT governance?
Source:
http://www.itgi.org/Template_ITGI.cfm?Section=Case_Studies1&CONTENTID=51218&TEMPLATE=/ContentManagement/ContentDisplay.cfm