IT today sits at the center of nearly every business process in nearly every business. If those processes aren’t working correctly, i.e. as intended, errors occur. This is especially a problem if these errors compromise financial reports.
We view IT Compliance has both a requirement and an opportunity. IT Compliance is an opportunity to ensure that IT and its operations benefit the company, that business processes are adequately controlled and can be relied upon and assurance that IT and its operations satisfy the regulatory environments in which a business exists.
The first step in IT Compliance is ensuring that IT’s policies, procedures, practices and standards align with the Business and are complied with. Second, these policies, procedures, practices and standards need to be sufficient to control the IT function and the applications it administers. Without these two attributes, the business cannot fully depend on IT and its services.
If the business is an SEC registrant, the business is responsible for complying with the provisions of the Sarbanes-Oxley Act. In addition to this, a company may be subject to various regulatory requirements. Making the situation even more complex.
In terms of specific domains, IT compliance includes:
- General IT Controls
- Applications Controls
- End User Controls.
Within these domains, you will find data protection, data quality, IT security, risk management, software development and many other areas. COBIT 5 identifies 37 distinct processes in its framework.
Parenthetically, we taught the California Society of CPA’s initial Sarbanes-Oxley compliance classes and continue to teach IT Auditing at the University and Graduate school levels.