Stepping Up to Sarbanes-Oxley

Besides getting bored, I also came away confused because it offered no guidance on the related information security issues. After further reading, I decided that the most important part for my group is Section 404, titled "Management Assessment of Internal Controls." This section mandates that management attest to the effectiveness of our company's "internal control" structure and procedures for financial reporting. Internal control is an extremely broad term, but I translated this section to mean that the CEO will expect my group to have sufficient controls in place to ensure the confidentiality, integrity and availability of financial and other critical information. So I came up with an initial plan to ensure compliance.

Tags:

Read the complete paper at Computer World