Sarbanes-Oxley
I spent three years as a Certified Information Systems Auditor doing Sarbanes-Oxley auditing. Everyone in IT has their own opinion of SOX, so here is mine: Every single thing required by SOX was already required by some other regulation or law. As I audited companies, I kept notes and put together what I think is the most concise list of SOX control objectives and activities I've seen. If you agree or disagree, I'd like to hear why.
SOX Control Objectives
SOX Control Activities
~~~~~
Here are some of my favorite auditing stories:
The $1.4 million dollar DBA
How not to audit in Saudi Arabia
It all ends at the loading dock
~~~~~