Sarbanes-Oxley Control Transformation Through Automation
Where have we been? Where are we going?
The Sarbanes-Oxley Act of 2002 (SOX), specifically Sections 302 and 404, has changed the way
Information Technology (IT) departments view their organization’s business requirements. IT
departments need to clearly understand their organization’s financial reporting requirements and
the people, process and technology required to support and protect the financial data and the
financial reporting process.
It’s not enough for IT departments to have documented policies and procedures in place that
explain how they protect their financial data and reporting processes. They must monitor and
maintain logs to provide evidence that their policies and procedures are being followed and are
operating effectively.
To accomplish compliance in year one, most organizations and audit firms cast a wide net to
identify all controls that might be considered key to internal controls over financial reporting. For
most IT departments, this approach created a tremendous amount of anxiety when considering
their IT general control environment. Knowing the integrated nature of their IT environments,
determining which IT general controls support and protect their organization’s financial data and
financial reporting processes was a significant challenge.
Once they identified their key IT general controls, they had to ensure the controls were designed
appropriately, documented, operating effectively and monitored. IT departments quickly realized
that if they did not attempt to automate these key IT general controls, they would be spending a lot
of time and effort every year monitoring them and validating their operational effectiveness. In
addition, their external auditors would be spending an equal amount of time auditing the
non-automated controls each year.
When key IT general controls are automated and a change control process is in place, the auditor
can audit the automated control and the change control process in year one. If the change control
process is effective, the auditor could theoretically review the change control process and audit the
controls where changes have occurred in subsequent years. Being able to rely on a change control
process for automated controls can dramatically reduce the external auditor’s level of effort.
The automation of key IT general controls can also reduce the resources the IT department needs
to allocate to monitoring these controls.
This white paper presents Sarbanes-Oxley IT general control compliance from two perspectives that
corporate IT departments must understand:
- Where have we been? – What has corporate IT gone through, and what do we know?
- Where are we going? – What does corporate IT have to look forward to, and what key elements
does corporate IT need to consider to be successful?