Sarbanes Oxley Framework
SOX and Information Technology?
Can anyone tell me WHERE in the Sarbanes-Oxley Act of 2002 it says that programmers cannot touch production systems? I know SOX 404 speaks to an internal IT control framework, but I cannot find where it specifically requires by law that programmers not have access to production systems (db servers, etc). I do not argue the validity of this being “best practice”, however I doubt it is “against the law”.
Programmers being on production systems is not contrary to SOX compliance. That would be an unreasonable expectation given that programmers often need to fix production code or applications on-the-fly. Companies could potentially end up losing so much money they would fight tooth-and-nail to keep such a thing from being illegal. There is a recognized need for programmers to be in production, especially in emergency situations.
That being said, as you stated, it is not best practice to have programmers in production on a regular basis. That is what development and testing environments are for during the pre-production process. Production is not the place for programmers to test or develop their code.












