Www.softlanding.com The Software Management Experts How to Achieve SOX Compliance Faster Presented...

www.softlanding.comThe Software Management Experts

How to Achieve SOX Compliance Faster

Presented by Laurie LeBlancSoftLanding Systems


Agenda

• SOX : Opportunity or Burden?• IT Control Framework• Software Tools

– Change Management– Testing– Security

• Q & A


Opportunity or Burden?

The Sarbanes - Oxley Act of 2002


An Annual Event

• Title IV Sect 404 - Each annual report must include an “internal control report”

– The CEO/CFO are responsible for an adequate internal control system

– Must identify internal control framework used– A certified assessment by the CEO/CFO of the

control’s effectiveness– An external auditor must also attest to the

accuracy of these assertions


COBIT (Control Objectives for IT)

COBIT - IT Governance Maturity Model

0. Non-Existent

1. Initial / Ad Hoc

2. Repeatable but Intuitive

3. Defined Process

4. Managed and Measurable

5. Optimized


Where Do I Begin?


COBIT, How Software Products Apply


• 300+ specific COBIT objectives• Of those, 164 pertain to SOX • Of those, 64 can be met with SoftLanding

tools

COBIT and SOX


For instance…

• Job Change and Termination (P07.8)– Management should ensure that appropriate

and timely actions are taken regarding job changes and terminations so that internal controls and security are not impaired by such occurrences.

• Software tools do not apply


However…

• System Software Change Controls (A13.6)– Procedures should be implemented to ensure

that system software changes are controlled in line with the organization’s change management procedures.

• Change Management tools directly apply


SLS Tools and COBIT Objectives


TurnOver Change Management


Reports


Auditing Specific Changes

• Easy to audit full lifecycle– Initial request– Task approval– Development work– Testing results– Change approvals– How & when changes went live

• All from a single iSeries database


TurnOver Change Management

Repeatable processplus:• Approval enforcement• Authorities by

application & development level

• Change history• Standardized controls


TurnOver Workflow

COBIT Section A14 – Develop & Maintain Procedures


Issue Tracking

COBIT Section DS10 – Manage Problems and Incidents


Issue Tracking


Project Management

COBIT Section PO10 – Manage Projects


Project Management

Repeatable workflow& authorities:• Save time• Increase control• Improve predictability


Project Management


Development

COBIT Sections A16 & DS9 – Manage Changes – Manage the Configuration


Development


Development

TurnOver provides for:• Object stamping and versioning• Emergency changes

– Pre-established criteria– Done within the system

• Audit trail of all program changes


Test & Deploy

COBIT Section A15 – Install & Accredit System


Test & Deploy

TurnOver will:• Create/maintain test environments• Facilitate communication between

dev, QA, users & project managers• Enforce approval procedures• Provide audit trail


Test & Deploy


Production

COBIT Objectives A15.12 & A16.8 – Promotion to Production – Distribution of Software


Production


Summary


Testing Tools and COBIT Objectives


TestBench

COBIT Sections A15 and PO10 - Install/Accredit Systems - Manage Projects


TestBench

COBIT Objective A15.7 – Testing of Changes

COBIT Objective A15.11 – Operational Test


TestBench

COBIT Objectives: A12.15, A13.4, A15.6, 15.8 PO10.8-9, PO10.11


TestBench

COBIT Objective A15.9 – Final Acceptance Test


SLS Tools and COBIT Objectives


Security Tools

COBIT Section DS5 – Ensure Systems Security


PowerLock NetworkSecurity

Covers COBIT Objectives: DS5.2, DS5.3, DS5.7, DS5.10 and DS5.11


Covers COBIT Objectives:

DS5.1, DS5.2, DS5.4, DS5.5, DS5.9, DS5.10

PowerLock SecurityAudit


VISUAL Security

Covers COBIT Objectives: DS5.6, DS5.7, DS5.10 and DS5.11


SoftMenu

Covers COBIT Objectives: DS5.3, DS5.4, DS5.5 and DS5.9


Experience Counts

"TurnOver and SoftMenu played a big part in our

preparations for Sarbanes-Oxley compliance.

They're always very strong during audits –

they're never challenged."

— Jerry Bell Director of Systems Development Oshkosh B'Gosh Inc.


Thank You!

• Contact SoftLanding to discuss how our products can help you achieve SOX compliance faster:

(800) 545-9485 or (603) 924-8818

• Email [email protected]: For questions related to this Presentation

• SoftLanding SOX Resources Page:www.softlanding.com/sox

Www.softlanding.com The Software Management Experts How to Achieve SOX Compliance Faster Presented...

Documents

Transcript of Www.softlanding.com The Software Management Experts How to Achieve SOX Compliance Faster Presented...