Sarbanes and IT:
Today, there is a barrier between information technology and the security compliance requirements imposed by the Federal Government. Some of the important laws are the Sarbanes-Oxley Act (financial reporting process), the Gramm-Leach-Bliley Act (protection of the public's private information), and the HIPAA Act (protection of patients' medical records). The following section explains how the Sarbanes-Oxley Act affects Business Intelligence (BPM, Data Modeling, Data Warehousing, and BI Reports) and the better ways for an organization to be compliant with it.
What is a Control System?:
For SOX compliance, the process of organizing and monitoring the different procedures and processes that happen in an organization, in the best interest of the company and its investors, is called a control system. Many industries follow the COSO and ITGI standards for SOX compliance.
Company Level Internal Control
A mortgage company may be interested in purchasing Mortgage Application software that costs 6 million dollars. To run its data warehouse operations, the same company may also be interested in buying Informatica software. In this scenario, the purchase officer has to submit a request to the top management, and this request may be approved or denied. This way, the top management has knowledge of, and authority over, the procedures that happen inside the organization, and this is called Corporate Level Control.
IT Level Internal Control
IT general control systems are designed to monitor, authorize, and protect access to all computer or network data and activity.