www.softlanding.com: The Software Management Experts. How to Achieve SOX Compliance Faster. Presented by Laurie LeBlanc, SoftLanding Systems.

Presentation transcript:

How to Achieve SOX Compliance Faster
Presented by Laurie LeBlanc, SoftLanding Systems

Agenda
SOX: Opportunity or Burden?
IT Control Framework
Software Tools
– Change Management
– Testing
– Security
Q & A

Opportunity or Burden?
The Sarbanes-Oxley Act of 2002

An Annual Event
Title IV Sect
Each annual report must include an “internal control report”
– The CEO/CFO are responsible for an adequate internal control system
– Must identify internal control framework used
– A certified assessment by the CEO/CFO of the control’s effectiveness
– An external auditor must also attest to the accuracy of these assertions

COBIT (Control Objectives for IT)
COBIT - IT Governance Maturity Model
0. Non-Existent
1. Initial / Ad Hoc
2. Repeatable but Intuitive
3. Defined Process
4. Managed and Measurable
5. Optimized

Where Do I Begin?

COBIT, How Software Products Apply

COBIT and SOX
300+ specific COBIT objectives
Of those, 164 pertain to SOX
Of those, 64 can be met with SoftLanding tools

For instance…
Job Change and Termination (P07.8)
– Management should ensure that appropriate and timely actions are taken regarding job changes and terminations so that internal controls and security are not impaired by such occurrences.
Software tools do not apply

However…
System Software Change Controls (A13.6)
– Procedures should be implemented to ensure that system software changes are controlled in line with the organization’s change management procedures.
Change Management tools directly apply

SLS Tools and COBIT Objectives

TurnOver Change Management

Reports

Auditing Specific Changes
Easy to audit full lifecycle
– Initial request
– Task approval
– Development work
– Testing results
– Change approvals
– How & when changes went live
All from a single iSeries database

TurnOver Change Management
Repeatable process plus:
– Approval enforcement
– Authorities by application & development level
– Change history
– Standardized controls

TurnOver Workflow
COBIT Section A14 – Develop & Maintain Procedures

Issue Tracking
COBIT Section DS10 – Manage Problems and Incidents

Project Management
COBIT Section PO10 – Manage Projects

Project Management
Repeatable workflow & authorities:
– Save time
– Increase control
– Improve predictability

Development
COBIT Sections A16 & DS9
– Manage Changes
– Manage the Configuration

Development
TurnOver provides for:
Object stamping and versioning
Emergency changes
– Pre-established criteria
– Done within the system
Audit trail of all program changes

Test & Deploy
COBIT Section A15 – Install & Accredit System

Test & Deploy
TurnOver will:
– Create/maintain test environments
– Facilitate communication between dev, QA, users & project managers
– Enforce approval procedures
– Provide audit trail

Production
COBIT Objectives A15.12 & A16.8
– Promotion to Production
– Distribution of Software

Summary

Testing Tools and COBIT Objectives

TestBench
COBIT Sections A15 and PO10
– Install/Accredit Systems
– Manage Projects

TestBench
COBIT Objective A15.7 – Testing of Changes
COBIT Objective A15.11 – Operational Test

TestBench
COBIT Objectives: A12.15, A13.4, A15.6, 15.8 PO10.8-9, PO10.11

TestBench
COBIT Objective A15.9 – Final Acceptance Test

SLS Tools and COBIT Objectives

Security Tools
COBIT Section DS5 – Ensure Systems Security

PowerLock NetworkSecurity
Covers COBIT Objectives: DS5.2, DS5.3, DS5.7, DS5.10 and DS5.11

PowerLock SecurityAudit
Covers COBIT Objectives: DS5.1, DS5.2, DS5.4, DS5.5, DS5.9, DS5.10

VISUAL Security
Covers COBIT Objectives: DS5.6, DS5.7, DS5.10 and DS5.11

SoftMenu
Covers COBIT Objectives: DS5.3, DS5.4, DS5.5 and DS5.9

Experience Counts
"TurnOver and SoftMenu played a big part in our preparations for Sarbanes-Oxley compliance. They're always very strong during audits – they're never challenged."
— Jerry Bell, Director of Systems Development, Oshkosh B'Gosh Inc.

Thank You!
Contact SoftLanding to discuss how our products can help you achieve SOX compliance faster: (800) or (603)
For questions related to this Presentation
SoftLanding SOX Resources Page: