A Framework for Integrating Sarbanes-Oxley Compliance into the Systems Development Process

Mishra, Sushma; Weistroffer, Heinz Roland

doi:10.17705/1cais.02044

Cited by 19 publications

(10 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This directs our research to its second proposition -ISG is initiated using a risk-based approach. Since, determining the effective management of risk is part of IT governance (Solms, 2005), the IT governance structure must be designed so that IT adds value to the business and IT risks are mitigated (Mishra & Weistroffer, 2007).…”

Section: 4mentioning

confidence: 99%

A process model for implementing information systems security governance

Nicho

2018

ICS

View full text Add to dashboard Cite

show abstract

Section: 4mentioning

confidence: 99%

A process model for implementing information systems security governance

Nicho

2018

ICS

View full text Add to dashboard Cite

show abstract

“…Table 5 illustrates IT strategic risks and controls objectives for the two of the 34 COBIT High Level Objectives (Process Descriptions): Plan and Organize (PO)1 -Define a Strategic IT Plan; and PO6 -Communicate Management Aims and Direction [ITGI 2007a]. See Mishra and Weistroffer [2007] for more details on COBIT. Using Audit Documentation to Improve Operational Efficiency through Business (and IT) Process Reengineering or Improved Business Process Management.…”

Section: Improved Return On Investment In Information Technology Thromentioning

confidence: 99%

“…For example, the Sarbanes-Oxley Act of 2002 (SOX) requires CEOs and CFOs of large, publicly traded organizations in the United States to personally certify their organizations' financial statements. Per the Act [see Liedtka 2007, andMishra andWeistroffer 2007 for more details], these officers are responsible for designing, establishing, and evaluating the internal controls necessary to produce accurate financial statements. These financials are, in turn, significantly dependent on the information systems used in the organization.…”

Section: Introductionmentioning

confidence: 99%

Information Technology Auditing: A Value-Added IT Governance Partnership between IT Management and Audit

Merhout¹,

Havelka²

2008

CAIS

View full text Add to dashboard Cite

Information systems provide both the means for organizations to transact business and the ability to report the financial results of their operations. Information technology auditing is an integral part of corporate governance. However, information technology auditing is often looked upon as a "necessary evil" or is overlooked entirely by IT management We argue that IT audit activities can provide additional value beyond the primary objective of assurance, assuming the organization embraces IT governance partnerships between IT management and the audit function. We also analyze factors developed from field study research that suggest IT audits are special projects requiring a quality audit process and sound project management principles. These success factors, if managed properly, can lead to high-quality IT audit products (i.e., engagements) that could conceivably free audit resources for more value-added projects and enterprise oversight. We close with a discussion of future research directions.

show abstract

“…The demand to ensure that runtime process instances comply with modeling-level processes and policies becomes even more pressing with recent laws and regulations such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HI-PAA), or the Basel II Accord. For example, adequate support for the definition and enforcement of process-related access control policies, including separation of duty constraints, is one important part of SOX compliance [13,18,52]. Moreover, corresponding compliance requirements also arise from security recommendations and standards such as the NIST security handbook [55], the NIST recommended security controls [56], the ISO 27000 standard family [29][30][31] (formerly ISO 17799), legally binding agreements such as business contracts, or company-specific (internal) rules/ regulations.…”

Section: Introductionmentioning

confidence: 99%