Www.softlanding.com The Software Management Experts How to Achieve SOX Compliance Faster Presented...
www.softlanding.com The Software Management Experts
How to Achieve SOX Compliance Faster
Presented by Laurie LeBlanc
SoftLanding Systems
Agenda
• SOX: Opportunity or Burden?
• IT Control Framework
• Software Tools
– Change Management
– Testing
– Security
• Q & A
Opportunity or Burden?
The Sarbanes-Oxley Act of 2002
An Annual Event
• Title IV Sect 404 - Each annual report must include an “internal control report”
– The CEO/CFO are responsible for an adequate internal control system
– Must identify internal control framework used
– A certified assessment by the CEO/CFO of the control’s effectiveness
– An external auditor must also attest to the accuracy of these assertions
COBIT (Control Objectives for IT)
COBIT - IT Governance Maturity Model
0. Non-Existent
1. Initial / Ad Hoc
2. Repeatable but Intuitive
3. Defined Process
4. Managed and Measurable
5. Optimized
Where Do I Begin?
COBIT, How Software Products Apply
COBIT and SOX
• 300+ specific COBIT objectives
• Of those, 164 pertain to SOX
• Of those, 64 can be met with SoftLanding tools
For instance…
• Job Change and Termination (PO7.8)
– Management should ensure that appropriate and timely actions are taken regarding job changes and terminations so that internal controls and security are not impaired by such occurrences.
• Software tools do not apply
However…
• System Software Change Controls (AI3.6)
– Procedures should be implemented to ensure that system software changes are controlled in line with the organization’s change management procedures.
• Change Management tools directly apply
SLS Tools and COBIT Objectives
TurnOver Change Management
Reports
Auditing Specific Changes
• Easy to audit full lifecycle
– Initial request
– Task approval
– Development work
– Testing results
– Change approvals
– How & when changes went live
• All from a single iSeries database
TurnOver Change Management
Repeatable process plus:
• Approval enforcement
• Authorities by application & development level
• Change history
• Standardized controls
TurnOver Workflow
COBIT Section AI4 – Develop & Maintain Procedures
Issue Tracking
COBIT Section DS10 – Manage Problems and Incidents
Project Management
COBIT Section PO10 – Manage Projects
Repeatable workflow & authorities:
• Save time
• Increase control
• Improve predictability
Development
COBIT Sections AI6 & DS9 – Manage Changes – Manage the Configuration
TurnOver provides for:
• Object stamping and versioning
• Emergency changes
– Pre-established criteria
– Done within the system
• Audit trail of all program changes
Test & Deploy
COBIT Section AI5 – Install & Accredit System
TurnOver will:
• Create/maintain test environments
• Facilitate communication between dev, QA, users & project managers
• Enforce approval procedures
• Provide audit trail
Production
COBIT Objectives AI5.12 & AI6.8 – Promotion to Production – Distribution of Software
Summary
Testing Tools and COBIT Objectives
TestBench
COBIT Sections AI5 and PO10 - Install/Accredit Systems - Manage Projects
COBIT Objective AI5.7 – Testing of Changes
COBIT Objective AI5.11 – Operational Test
COBIT Objectives: AI2.15, AI3.4, AI5.6, AI5.8, PO10.8-9, PO10.11
COBIT Objective AI5.9 – Final Acceptance Test
SLS Tools and COBIT Objectives
Security Tools
COBIT Section DS5 – Ensure Systems Security
PowerLock NetworkSecurity
Covers COBIT Objectives: DS5.2, DS5.3, DS5.7, DS5.10 and DS5.11
PowerLock SecurityAudit
Covers COBIT Objectives: DS5.1, DS5.2, DS5.4, DS5.5, DS5.9, DS5.10
VISUAL Security
Covers COBIT Objectives: DS5.6, DS5.7, DS5.10 and DS5.11
SoftMenu
Covers COBIT Objectives: DS5.3, DS5.4, DS5.5 and DS5.9
Experience Counts
"TurnOver and SoftMenu played a big part in our preparations for Sarbanes-Oxley compliance. They're always very strong during audits – they're never challenged."
— Jerry Bell, Director of Systems Development, Oshkosh B'Gosh Inc.
Thank You!
• Contact SoftLanding to discuss how our products can help you achieve SOX compliance faster:
(800) 545-9485 or (603) 924-8818
• Email [email protected]: For questions related to this Presentation
• SoftLanding SOX Resources Page: www.softlanding.com/sox