Through June 30, the IT Governance Institute (ITGI) will be looking for comments from professionals throughout the industry on the second edition of its IT Control Objectives for Sarbanes-Oxley, which is an update on the original version published in April 2004. This enhanced report contains more information on scoping and risk assessment based on lessons companies learned while moving toward compliance with the Sarbanes-Oxley Act of 2002 (SOX) over the past few years.
“I’m not entirely sure about the nature of the comments that will come back,” said Paul Zonneveld, a partner with Deloitte & Touche and co-author of the report. “My focus isn’t on trying to get a vast variety of comments. What we would like folks to do is have a look at what’s been amended in the document since the first version. We’re interested in knowing what’s helpful, and if we’ve provided enough context to the theoretical concepts to allow companies to apply them.”
Zonneveld said the first edition of IT Control Objectives for Sarbanes-Oxley was extremely popular, and added that more than half of all U.S. companies used it in some way. “The principle comments in the initial version are sound. The early guidance kind of sets forth a bit of a road map. Organizations that followed that approach are not going to find the second edition telling them that they missed a bunch of stuff. What it’s really intended to do is show what we’ve learned out of all the thousands of companies…
Please log in or subscribe to read this article