Sarbanes-Oxley: building working strategies for compliance
Main authors: | , |
---|---|
Format: | Book |
Language: | English |
Published: |
New York, NY
Palgrave Macmillan
2007
|
Edition: | 1. publ. |
Subjects: | |
Online access: | Contributor biographical information Publisher description Table of contents only Table of contents |
Description: | XXIII, 416 pp., diagrams |
ISBN: | 0230006787 9780230006782 |
Internal format
MARC
LEADER | 00000nam a2200000zc 4500 | ||
---|---|---|---|
001 | BV022464599 | ||
003 | DE-604 | ||
005 | 20140127 | ||
007 | t | ||
008 | 070614s2007 xxud||| |||| 00||| eng d | ||
010 | |a 2006051222 | ||
020 | |a 0230006787 |c hardback |9 0-2300-0678-7 | ||
020 | |a 9780230006782 |9 978-0-2300-0678-2 | ||
035 | |a (DE-599)BVBBV022464599 | ||
040 | |a DE-604 |b ger |e aacr | ||
041 | 0 | |a eng | |
044 | |a xxu |c US | ||
049 | |a DE-M382 | ||
100 | 1 | |a Sheppey, Terence |e Verfasser |4 aut | |
245 | 1 | 0 | |a Sarbanes-Oxley |b building working strategies for compliance |c Terence Sheppey and Ross McGill |
250 | |a 1. publ. | ||
264 | 1 | |a New York, NY |b Palgrave Macmillan |c 2007 | |
300 | |a XXIII, 416 S. |b graph. Darst. | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
610 | 2 | 4 | |a United States |t Sarbanes-Oxley Act of 2002 |
650 | 4 | |a Recht | |
650 | 4 | |a Corporations |x Accounting |x Law and legislation |z United States | |
650 | 4 | |a Financial statements |x Law and legislation |z United States | |
650 | 4 | |a Directors of corporations |x Legal status, laws, etc |z United States | |
650 | 4 | |a Corporate governance |x Law and legislation |z United States | |
651 | 4 | |a USA | |
700 | 1 | |a McGill, Ross |d 1955- |e Verfasser |0 (DE-588)13591843X |4 aut | |
856 | 4 | |u http://www.loc.gov/catdir/enhancements/fy0701/2006051222-b.html |3 Contributor biographical information | |
856 | 4 | |u http://www.loc.gov/catdir/enhancements/fy0701/2006051222-d.html |3 Publisher description | |
856 | 4 | |u http://www.loc.gov/catdir/enhancements/fy0701/2006051222-t.html |3 Table of contents only | |
856 | 4 | 2 | |m HBZ Datenaustausch |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=015672202&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
999 | |a oai:aleph.bib-bvb.de:BVB01-015672202 |
Record in search index
_version_ | 1804136549133058048 |
---|---|
adam_text |
Contents
List of figures x
List of tables xiv
Preface xvii
About the authors xix
List of abbreviations xxi
PART I The Sarbanes Oxley Act 1
1 What is Sarbanes Oxley? 3
Introduction
SOX at a glance 4
Practical compliance summary 5
2 Background and Legislative Trends 7
Background
Trends in regulation
Trends in financial services 10
Regulatory pressure
The effect of the Act: is it working? 12
Current trends
Positive skepticism
Practical compliance summary: looking forward 16
3 Perspectives for the Financial Sector 19
The response to regulation 19
Practical compliance summary 25
4 An Overview of the Act 27
Introduction
Structure and sections of the Act 28
Titles: quick summary 28
Sections of the Act 28
Title I: Public Company Accounting Oversight Board 28
Title II: Auditor independence 36
Title III: Corporate responsibility 40
Title IV: Enhanced financial disclosures 46
Title V: Analyst conflicts of interest 51
Title VI: Commission resources and authority 52
Title VII: Studies and reports 52
Title VIII: Corporate and criminal fraud accountability 53
Title IX: White collar crime penalty enhancements 56
Title X: Corporate tax returns 57
Title XI: Corporate fraud accountability 58
Timetable to compliance 60
PART II The Requirement: SOX and the Financial Sector 63
5 Why are Financial Services Affected? 65
Overview of the financial sector 65
Reputation as a capital asset 69
Reputation and best practice 69
Compliance models for the finance sector 74
Practical compliance summary 77
6 The Public Face: Financial Reporting 78
Reporting and compliance 78
Financial reporting and compliance 79
Financial reporting assertions 80
Sources of information 81
"True" and "fair" 81
Publicized compliance 82
Auditing of financial statements 82
Reporting standards 83
Transaction standards: SWIFT 86
Technical standards: XBRL 88
Improving reporting 91
Practical compliance summary 91
7 The Impact of Cost 93
The cost of compliance 93
Cost benefit analysis 94
Cost and complexity 95
Ongoing costs 96
The true cost of compliance 98
Diverted costs 100
Cost examples 101
Auditor costs 103
Practical compliance summary 103
8 Responsibility 105
Introduction 105
Summary of key issues for senior executives 105
Executive responsibility 106
Evaluation and assessment 107
Ethical behavior 108
The role of non executive directors 108
The responsibility cascade 109
Audit committee 110
Practical compliance summary 113
9 Internal Auditing 114
Internal auditing 114
Executive action 115
IT audit planning 116
Auditing models: control self assessment 121
Auditing tools 123
Practical compliance summary 125
10 External Auditing 127
Who is to do the audit 127
Types of audit: certification audit 128
Ensuring the organization meets the audit requirements 128
The role of the CPA in auditing for the Act 129
Preparing for an audit 129
Audit process 1™
Steps in the auditing process 131
Ongoing auditing 132
Statement of applicability for the Act 132
External audit reporting 133
PCAOB summary 137
Practical compliance summary 141
Part III Practical Compliance 143
11 Building the Strategy 145
The strategic nature of compliance 145
Approaches to compliance 146
State of compliance 149
Compliance and risk 154
Preparing for compliance 157
Industry best practice 163
Practical compliance summary 165
12 The Compliance Process 166
The compliance process 166
The compliance process: strategic and tactical 167
The compliance process: systematic and pragmatic 172
Mapping the compliance cycle to business 176
Applying the compliance cycle to processes 177
The compliance process in context 177
Practical compliance summary 179
13 Compliance with Section 302 181
Documentation for demonstrating compliance 181
Practical compliance summary 186
14 Compliance with Section 404 188
The special challenges of Section 404 188
Section 404: Management assessment of internal controls 188
Content of management's internal control report 189
Critical success factors (CSFs) for Section 404 189
Project management lifecycle 191
Implementing a Section 404 project 192
Practical compliance summary 194
15 Compliance with Other Relevant Sections 195
Sections 802 and 1102 195
Section 103: Auditing, quality control, and independence
standards and rules 198
Section 201: Services outside the scope of practice of auditors;
prohibited activities 199
Section 409: Real time issuer disclosures 199
Practical compliance summary 201
16 Compliance in the Supply Chain 202
Compliance in the extended enterprise 203
The significance for intermediaries, underwriters, and others
in the chain 204
SAS 70 in the supply chain 204
Outsourcing functions in the supply chain 206
Practical compliance summary 206
17 Internal Controls 207
Introduction 207
Disclosure controls and procedures 208
Scoping internal controls 210
Internal controls 211
Measurement criteria 215
Practical compliance summary 221
18 Documentation, Testing, and Evaluation 223
Documentation for demonstrating compliance 223
Regulatory requirements for documentation 224
Documentation, email, and compliance 226
Risk management: documenting controls with a control matrix 228
Evaluation and testing 229
Testing controls 229
Management assessment 232
Practical compliance summary 235
19 Process and the Organization: Policies and Behavior 236
The idea of a process 236
What constitutes a process? 236
Process mapping and flowcharting 237
Compliance and process 238
Business processes in financial services 242
Corporate governance 245
Behavior 246
Internal policies 247
Practical compliance summary 248
Part IV Securing the Organization for Compliance 251
20 Risk Management 253
Risk assessment 253
Treating risk 254
Risk and the Act 254
Business risk 255
Implications of the Act 256
Risk factors 256
Risk management 260
Extending the scope of the Act 265
Changing behavior 267
The financial function and risk management 269
Practical compliance summary 270
21 Intellectual Capital 271
Intellectual property 271
IT and the business: the value of information 272
Documents and records: the risk of intellectual property loss 274
Practical compliance summary 276
22 Information Security 277
Using ISO 17799 as a framework for compliance 277
Documentation 278
Statement of applicability 278
ISO 17799 controls for compliance 278
Management approval 293
Practical compliance summary 296
Part V Solutions for Compliance: Joining the Dots 297
23 Frameworks for Compliance: COSO and COBIT 299
COSO: an introduction 299
The five components of COSO 300
Performance measures 308
COBIT 311
IT governance 316
Precursors and other models 326
The COBIT project 327
Definitions 327
Documentation 331
Developing the framework 331
Control objectives and principles 332
Summarizing the system 334
Practical compliance summary 334
24 Methodologies and Frameworks 342
Supporting compliance 342
ITIL 343
Six Sigma 344
ISO 17799 347
CMMI 349
What methodologies, frameworks, and standards have
in common 350
Practical compliance summary 351
25 Professional Service Providers and Best Practice 353
The major players: the Big Four 353
Practical compliance summary 359
26 The Benchmark Solution 360
An ideal solution? 360
Benchmarks in general 360
Ongoing processes and flexibility 363
Timescales 364
Benchmarking and the compliance process 364
Sample COBIT model mapped to a generic finance company 368
Internal auditing in practice 372
Practical compliance summary 380
Appendix A A summary of practical compliance 381
Appendix B Vendor solutions 399
Compliance at the desktop 400
Unstructured communications 401
Preventive compliance 403
Useful contacts for compliance solutions and components 404
Bibliography and References 406
Index 409
Figures
2.1 Regulatory pressure model 12
2.2 Do you agree that Sarbanes Oxley will restore investor
confidence in US listed companies? 13
3.1 Technology waves, user adoption, and regulatory focus 23
5.1 Controls and monitoring: the broker's title 72
7.1 Cost versus complexity 96
7.2 Maintaining the cost of ongoing compliance 98
8.1 The responsibility cascade 111
9.1 IT audit feedback to risk assessment 120
10.1 The audit process 133
11.1 The strategic compliance process 146
11.2 The compliance iceberg 147
11.3 Passive linear compliance 150
11.4 Active linear compliance 150
11.5 Cyclical compliance 151
11.6 The sliding window 154
11.7 The compliance chain 157
11.8 Inputs to preparation for the compliance process 159
12.1 The compliance process 169
12.2 The compliance process and management 176
12.3 The compliance engine 177
12.4 The compliance process in context 178
14.1 Planning the compliance timetable 192
16.1 A financial services supply chain 202
17.1 Management mapped to compliance responsibilities 207
17.2 Section 404 as a subset of disclosure controls 208
17.3 Management decisions on disclosure 209
17.4 Control deficiencies 218
19.1 Process and layers of control 239
20.1 Risk areas and characteristics 257
23.1 COBIT and compliance 315
23.2 Enterprise and IT governance in context 317
23.3 The COBIT project 328
24.1 Before and after variances using Six Sigma techniques 346
26.1 Benchmarking and compliance 362
26.2 FinOrg relevant internal management bodies 370
A.1 Compliance process road map 382
Tables
4.1 Sections of the Act 29
4.2 Structure of the Act: titles and descriptions 30
4.3 Timetable for accelerated filers—larger companies 61
4.4 Timetable for non accelerated filers—smaller companies
and foreign companies 61
5.1 Sample compliance map by sector 76
7.1 Invisible costs of compliance 100
8.1 Impact on senior executives of the Sarbanes Oxley Act 106
8.2 Requirements for a code of ethics for senior executives 109
10.1 Example reports in the PCAOB standard 134
11.1 A preparatory assessment checklist 162
12.1 The PDCA method 174
12.2 Applying PDCA to the compliance process 175
13.1 Section 302 and practical compliance activities 182
13.2 Advantages and disadvantages of reuse 185
14.1 Summary of Section 404 requirements 190
15.1 Section 802 196
15.2 Section 1102 197
15.3 Section 103 198
15.4 Section 201 200
15.5 Section 409 200
17.1 A comparison of sections 302 and 404 210
17.2 Summary of PCAOB internal controls 215
17.3 Summary of PCAOB policies and procedures 216
17.4 A control deficiency 217
18.1 Controls: frequency of application 231
22.1 A comparison of ISO 17799 and the compliance process 279
22.2 Sample incident management process 283
22.3 Incident management and the statement of applicability 284
22.4 Control objective: information security policy 285
22.5 Sample control objectives and controls 286
22.6 Sample implementation of controls 290
22.7 Controls and risk 291
22.8 Controls and user access 292
22.9 User responsibilities 293
22.10 Correct processing 294
22.11 Testing options 295
22.12 Business continuity 2 5
23.1 Control environment indicators 302
23.2 Control environment actions for practical compliance 303
23.3 Risk assessment levels 304
23.4 General controls 306
23.5 Application controls ™ 7
23.6 Information quality indicators 309
23.7 Monitoring indicators JIU
23.8 Performance measures 311
23.9 COBIT key goal indicators 318
23.10 COBIT critical success factors 321
23.11 Key performance indicators and measurement methods 322
23.12 COBIT maturity model and compliance 323
23.13 COBIT framework requirement overlaps 330
23.14 Planning and organization summary 335
23.15 Acquisition and implementation summary 337
23.16 Delivery and support 338
23.17 Monitoring summary
26.1 FinOrg domain planning and organization 371
26.2 FinOrg strategic information technology plan control
objectives
26.3 FinOrg acquisition and implementation 375
26.4 Delivery and support
A.1 What is Sarbanes Oxley? 383
A.2 Background and legislative trends 383
A.3 Perspectives for the financial sector 384
A.4 Why financial services? 385
A.5 Financial reporting 386
A.6 The impact of cost 387
A.7 Responsibility 388
A.8 Internal auditing 389
A.9 External auditing 389
A.10 Building the strategy 390
A.11 The compliance process 391
A.12 Compliance with Section 302 392
A.13 Compliance with Section 404 392
A.14 Compliance with other sections 393
A.15 Compliance in the supply chain 393
A.16 The impact of cost 394
A.17 Documentation, testing, and evaluation 394
A.18 Process and the organization: policies and behavior 395
A.19 Risk management 395
A.20 Intellectual capital 396
A.21 Information security 396
A.22 COSO and COBIT 396
A.23 Methodologies and frameworks 397
A.24 Professional service providers and best practice 397
A.25 The benchmark solution 398
B.1 A cross section of solutions available on the market 405
|
any_adam_object | 1 |
any_adam_object_boolean | 1 |
author | Sheppey, Terence McGill, Ross 1955- |
author_GND | (DE-588)13591843X |
author_facet | Sheppey, Terence McGill, Ross 1955- |
author_role | aut aut |
author_sort | Sheppey, Terence |
author_variant | t s ts r m rm |
building | Verbundindex |
bvnumber | BV022464599 |
ctrlnum | (DE-599)BVBBV022464599 |
edition | 1. publ. |
format | Book |
geographic | USA |
geographic_facet | USA |
id | DE-604.BV022464599 |
illustrated | Illustrated |
index_date | 2024-07-02T17:41:48Z |
indexdate | 2024-07-09T20:58:10Z |
institution | BVB |
isbn | 0230006787 9780230006782 |
language | English |
lccn | 2006051222 |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-015672202 |
open_access_boolean | |
owner | DE-M382 |
owner_facet | DE-M382 |
physical | XXIII, 416 S. graph. Darst. |
publishDate | 2007 |
publishDateSearch | 2007 |
publishDateSort | 2007 |
publisher | Palgrave Macmillan |
record_format | marc |
spelling | Sheppey, Terence Verfasser aut Sarbanes-Oxley building working strategies for compliance Terence Sheppey and Ross McGill 1. publ. New York, NY Palgrave Macmillan 2007 XXIII, 416 S. graph. Darst. txt rdacontent n rdamedia nc rdacarrier United States Sarbanes-Oxley Act of 2002 Recht Corporations Accounting Law and legislation United States Financial statements Law and legislation United States Directors of corporations Legal status, laws, etc United States Corporate governance Law and legislation United States USA McGill, Ross 1955- Verfasser (DE-588)13591843X aut http://www.loc.gov/catdir/enhancements/fy0701/2006051222-b.html Contributor biographical information http://www.loc.gov/catdir/enhancements/fy0701/2006051222-d.html Publisher description http://www.loc.gov/catdir/enhancements/fy0701/2006051222-t.html Table of contents only HBZ Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=015672202&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis |
spellingShingle | Sheppey, Terence McGill, Ross 1955- Sarbanes-Oxley building working strategies for compliance United States Sarbanes-Oxley Act of 2002 Recht Corporations Accounting Law and legislation United States Financial statements Law and legislation United States Directors of corporations Legal status, laws, etc United States Corporate governance Law and legislation United States |
title | Sarbanes-Oxley building working strategies for compliance |
title_auth | Sarbanes-Oxley building working strategies for compliance |
title_exact_search | Sarbanes-Oxley building working strategies for compliance |
title_exact_search_txtP | Sarbanes-Oxley building working strategies for compliance |
title_full | Sarbanes-Oxley building working strategies for compliance Terence Sheppey and Ross McGill |
title_fullStr | Sarbanes-Oxley building working strategies for compliance Terence Sheppey and Ross McGill |
title_full_unstemmed | Sarbanes-Oxley building working strategies for compliance Terence Sheppey and Ross McGill |
title_short | Sarbanes-Oxley |
title_sort | sarbanes oxley building working strategies for compliance |
title_sub | building working strategies for compliance |
topic | United States Sarbanes-Oxley Act of 2002 Recht Corporations Accounting Law and legislation United States Financial statements Law and legislation United States Directors of corporations Legal status, laws, etc United States Corporate governance Law and legislation United States |
topic_facet | United States Sarbanes-Oxley Act of 2002 Recht Corporations Accounting Law and legislation United States Financial statements Law and legislation United States Directors of corporations Legal status, laws, etc United States Corporate governance Law and legislation United States USA |
url | http://www.loc.gov/catdir/enhancements/fy0701/2006051222-b.html http://www.loc.gov/catdir/enhancements/fy0701/2006051222-d.html http://www.loc.gov/catdir/enhancements/fy0701/2006051222-t.html http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=015672202&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT sheppeyterence sarbanesoxleybuildingworkingstrategiesforcompliance AT mcgillross sarbanesoxleybuildingworkingstrategiesforcompliance |