Incident Workflow to streamline ITGC testing
2023-10-23 15:20:45 Author: securityboulevard.com(查看原文) 阅读量:2 收藏

ITGCs are required by the Sarbanes Oxley Act of 2002 (SOX) to ensure the integrity of financial reports. While SOX is focused on the propriety of your financial and accounting practices, SOX ITGC controls focus on IT systems such as applications, operating systems, databases, and the supporting IT infrastructure. 

Your SOX ITGCs ensure IT and security activities are managed and governed according to your policies and procedures and support the effective functioning of application controls by helping to ensure the proper operation of information systems. Together ITGCs and IT Application Controls (ITAC) ensure the integrity of your data and processes across the IT environment to manage and mitigate risk.

Using MonitorPaaS™, customers can now ensure that configurations, master data and transactions in scope for  ITGC and ITAC effectiveness are accurate and complete.  ERP users can verify system input and it is approved by the Control Owner. For example, the enhanced incident workflow sends an email notification to the user that made a change to a system configuration such as a three-way match or created a transaction such as a journal entry over a threshold value. The requester is prompted to justify the change request along with any supporting records that can be cross-referenced by the change approver. The log report of change requested and approved is maintained as evidence for audit evaluation.   

Customers who are using ITSM systems such as ServiceNow to request changes, can use this workflow to reduce the cost of manually reconciling and auditing change requests in ITSM systems against the changes in ERP systems.  


文章来源: https://securityboulevard.com/2023/10/incident-workflow-to-streamline-itgc-testing/
如有侵权请联系:admin#unsafe.sh