By now, most large companies have had to comply with Section 404 of the Sarbanes-Oxley Act, which mandates that chief executives certify that their companies have controls in place to ensure the accuracy of financial reporting. To achieve initial compliance, IT departments typically worked with auditors to activate application controls within enterprise resource planning packages such as those from SAP AG, Oracle Corp. and its PeopleSoft unit for Section 404 compliance.
In general, software control points are based on the COSO (The Committee of Sponsoring Organizations of the Treadway Commission) framework, created prior to passage of SarbOx to help identify where controls should be placed. However, it took the Sarbanes-Oxley Act of 2002 to spur widespread adoption of these guidelines.
See full Article.
Posts
