Question
What are the key areas of IT that are examined during a Sarbanes-Oxley audit?
Answer
The Sarbanes-Oxley act is also called Sarbox or SOX. It is planned to ensure the reliability of public companies' financial statements. It mainly provides the security of the financial structures and IT (Information Technology) infrastructures used in the organization.Critical areas of IT examined during a Sarbanes-Oxley audit are as follows:
- Change management in IT
- Logical access to data
- Operations in IT
Change management in IT:
- It is the process of monitoring the changes made in the IT infrastructure used in an organization.
- If any changes are made in the operating system and databases, permission from the change control board must be required.
- It controls authorization changes that occur in the IT systems
Logical access to data:
- It handles the process of preventing unauthorized access to data.
- It assigns explicitly access to the individual user in the organization
- Personnel control and physical access control are the two security policies.
Operations in IT:
- It handles the day-to-day operations performed in the infrastructure, databases, and applications used in the organization.
- Monitor and perform daily or regular system activities, such as database backup, data availability verification, etc.
Post a Comment