LT: An Approach of IT Compliance in Third Level Institutions
An overview of SOX (Sarbanes-Oxley Act) in a corporate environment and how its principles can be applied to a Third Level Institution’s IT environment.
The Sarbanes-Oxley Act is a bill introduced in 2002 covering corporate compliance and accountability for all organisations that are listed on the stock exchange. It was a reaction to major accounting scandals including Enron, Tyco and WorldCom.
The overriding principle of IT SOX controls is proving accountability with self-auditing and self-testing of controls. Using the COBIT framework for SOX compliance, IT controls are developed in the general areas of User Access, Backup and Recovery, Change and Configuration Management, Computer Operations and Incident Management.
It makes sense to apply principles of SOX compliance to Third Level IT organisations. The overall aim of IT Governance is to manage IT like a business, delivering transparency, mitigating IT-related risks and adding value. The challenge is to understand the appropriate level of IT governance required in a Third Level Institute, and to ensure IT continues to operate in an effective and efficient manner.