Sarb-Ox compliance improves communication

Increasingly, to keep themselves and their companies out of trouble, members of the Information Systems Audit and Control Association (ISACA) are turning to an IT governance tool, the Control Objectives for Information and Related Technology, or Cobit.

Although Cobit has been around since the early 1990s, the Sarbanes-Oxley Act is pushing new interest in the tool, said users who have implemented it. Cobit is also getting updated: A new version of a Sarb-Ox-specific tool that uses Cobit, the IT Control Objectives for Sarbanes-Oxley, is being finalized by the IT Governance Institute (ITGI). Public comment is now being accepted on the updated tool, which includes recent U.S. Security and Exchange Commission guidance.

A major update of Cobit, Version 4, was released in December by the ITGI. Cobit and the Sarb-Ox framework are both available as free downloads from the www.isaca.org Web site.

Cobit creates a common framework for business and IT management and in a “nontechnical way” explains about building controls around a business process, said Steven Suther, director of information security management for American Express Technologies, the IT arm of American Express Co. Cobit allows “my business folks to actually understand IT processes for the first time ever,” he said.

The management focus of Cobit differs from the Information Technology Infrastructure Library (ITIL) that is gaining data center adoption. But both are complementary, and the latest version of Cobit has improved integration with ITIL, said Robert Stroud, an IT service management evangelist at CA Inc., and contributor to Cobit.

Would you recommend this article?

0
0

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada

Related Tech News