Assessment of Internal Controls
Section 404 of the Sarbanes-Oxley Act concerns the Assessment of Internal Controls. Specifically, it requires both management and an external auditor to certify that a company’s financial statements are accurate and will not be affected by inadequate internal controls. The Act does not spell out specific methods or products to use to meet its requirements and gain compliance. However, many companies are choosing to adopt a standard framework such as the Committee of Sponsoring Organizations (COSO) framework or the Control Objectives for Information and Related Technologies (COBIT). While the COSO framework is useful for a large contingent of management, many IT managers, users, and auditors rely on COBIT, which is based on the COSO framework and published by the IT Governance Institute and the Information Systems Audit and Control Association (ISACA). Both frameworks provide a process by which the adequacy of internal controls can be assessed.
Achieve and Maintain Compliance
Assuring that financial statements are accurate and based on sound financial information requires being able to say with absolute certainty that the data the reports are based on is accurate. This is certainly a tall order, especially since your CFO must attest that the statements are accurate. How do you gain SOX compliance, and then ensure that you constantly maintain that compliance? How do you manage your data and configurations and be immediately aware of changes? How do you instantly remediate changes that can cause your company to no longer be SOX compliant, and worse yet, potentially compromise the integrity of your financial statements?
These are all challenging questions, and because SOX is vague with regard to how to comply, they are all the more difficult to answer. Some products can alert you to changes when they occur, but leave the response part up to you. How long does it take for you to respond? What can happen in the time between detection and remediation, even if that time is as little as a few minutes? These are important questions to consider as you think about how to best ensure the integrity of your IT infrastructure.
The CimTrak Solution
While some products detect changes, CimTrak’s cutting-edge technology can remediate changes instantly. This response does not rely on any human intervention to be 100% effective. This instant response not only ensures that you constantly maintain compliance, but also that your IT infrastructure stays running. CimTrak logs all file changes and provides you with detailed reports that allow for easy audits. CimTrak’s versatility can help you meet three distinct sections of the COBIT framework: Acquisition and Implementation, Delivery and Support, and Monitoring. The bottom line is that CimTrak helps you become SOX compliant, and be assured that your valuable information is in a constant state of integrity.