The Joy of SOX: Why Sarbanes-Oxley and Services Oriented Architecture May Be the Best Thing That Ever Happened to You

Description

• The Sarbanes-Oxley Act (SOX) was passed in 2002 in response to a series of high-profile corporate scandals and requires that public companies implement internal controls over financial reporting, operations, and assets; these controls depend heavily on installing or improving information technology and business methods
• Written by one of the most visible personalities on the tech-biz side of the SOX discussion, this highly readable, engaging book provides a clear road map for integrating SOX compliance into the fabric of everyday IT infrastructure and business practice
• Shows the reader how to leverage and use service-oriented architecture (SOA), a set of technologies that enables interoperation of heterogeneous computer systems, to achieve the level of internal controls over IT that SOX mandates

 

Table of Contents

Acknowledgements.

Introduction.

Part 1: The SOX Paradox.

Chapter 1: The Trouble with DexCo.

The Curse of the Adequate Performer.

A Functioning Mess.

Financials.

Hidden Time Bombs.

Summary.

Chapter 2: Agility: The Do or Die Mandate.

New Blood, New Operating Environment.

Moving Targets.

Partnerships.

Rapid Market Cycles.

Technology Shifts.

M&A.

Retail Consolidation.

Regulatory Shift.

Betting the Company.

Outsourcing.

Agility for DexCo.

The Wilde Plan.

Summary.

Chapter 3: Ramifications of SOX 404.

SOX 404—Definition and Context.

SOX 404 and the Audit Process.

COSO at DexCo.

Control Objectives.

Control Components.

Control Environment.

Risk Assessment.

Control Procedures.

Information and Communication.

Monitoring.

Why Linda Is Freaking Out.

Summary.

Chapter 4: Between SOX and a Hard-Coded Place.

Internal Controls and Business Processes.

Internal Controls and Information Technology.

Control Points.

Interdependent Controls.

The FAST Track to a Control Breakdown.

Broken Control Points.

Summary.

Chapter 5: Commit to COBIT?

This Is a High Stakes Game.

Strong Medicine: COBIT.

COBIT: Where IT Enables Controls.

Components of COBIT.

COBIT and Sarbanes Oxley.

COBIT in Depth: The DS 11 Process.

Control Statements.

Key Goal Indicators.

Key Performance Indicators.

Critical Success Factors.

Maturity Models.

Implications of DS 11’s Maturity Scale.

Summary.

Chapter 6: COBIT for Mere Mortals.

The 80/20 Heat Map.

COBIT Implementation.

Finding the Hot Areas for COBIT.

Deep Dive—Maturity of COBIT in a Hot Area.

Deeper Dive—COBIT Issues for a Specific Function.

Deep Dive—Circle Back to COSO.

COBIT and People.

Paying the Tab for COBIT.

DexCo’s Next Steps on COBIT.

Summary.

Chapter 7: The Pain of SOX.

COSO, COBIT, and Controls versus the Wilde Plan.

Flex-acturing.

Distribution.

Marketing.

Organizational Changes.

The Lose-Lose-Lose Proposition.

Think Globally but Act Recklessly.

Comply and Die.

The Remediation Doom Loop.

Non-Compliance Penalties.

Jim’s Big Question.

Summary.

Part II: Thinking Outside the SOX.

Chapter 8: What If?

Back at the Ranch.

Defining Agile Compliance.

Compliance as a Driver of Positive Change.

It’s Happened Before.

Summary.

Chapter 9: The Technology of Agile Compliance.

Living Up to Potential.

The Four Questions.

Mapping Business Process and IT Architecture.

Contractual Relationships.

Process Flow.

IT Architecture.

Is Flex-Acturing Under Control?

Will It Flex?

Answering Dale’s Questions.

What It Will Take to Flex.

Summary.

Chapter 10: The Organization of Agile Compliance.

Challenges to the Agile, Compliant Organization.

Tone at the Top Revisited.

The Accounting Organization.

The IT Organization.

Territoriality, Silos, and Culture.

Requirements for an Agile, Compliant Organization.

Summary.

Chapter 11: The Walk-Through.

Dale’s Need for an Overview.

Agile Compliance—The IT Plan.

Business Process Modeling and BPEL.

Unified Online Workspace.

Centralized User Management.

Application Development and Integration Process.

Agile Compliance and IT—The Sum of Its Parts.

Agile Compliance—The Organizational Plan.

The Agile Compliance Process Plan.

Troubleshooting.

Summary.

Chapter 12: The Pay Off.

Investing in Agile Compliance.

Return on Agile Compliance Investment.

Lower Cost of Compliance.

Operational Savings.

Agility.

Realizing the Wish List.

Summary.

Part III: Actually Doing It—For Real.

Chapter 13: IT Solutions for Agile Compliance.

Defining SOA.

Enterprise Service Bus.

SOBA.

On-Demand Software.

The Promise of SOA for Agile Compliance.

Even a Magic Bullet Can Kill You.

Summary.

Chapter 14: SOX Software.

Taxonomy of SOX Packages.

Shared Workspace.

Documentation Management.

Financial Coordination.

Exception Monitoring .

Internal Controls Modules.

Realizing the Potential of SOX Software.

Putting the SOX Packages into a Compliance Architecture.

SOX Packages and the DexCo Agile Compliance Plan.

Summary.

Chapter 15: FAST or Slow?

SOA for DexCo’s Agile Compliance.

The Agile Compliance Scorecard.

Scoring the Business Processes.

The Next Level: Scoring the Systems.

Back to Reality.

Summary.

Chapter 16: Conclusion.

Consensus.

The Future .

Appendix A: Glossary.

Appendix B: Resources.

Government Bodies and Organizations.

Audit Firms and Analysts That Publish Sarbanes Oxley Research.

Online Resources.

Bibliography.

Books.

Articles.

Reports and White Papers.

Index.

描述

《薩班斯-奧克斯利法案》（SOX）於2002年通過，作為對一系列引人注目的企業醜聞的回應，要求上市公司在財務報告、運營和資產方面實施內部控制；這些控制在很大程度上依賴於安裝或改進信息技術和業務方法。

這本易讀且引人入勝的書由SOX討論中最具知名度的技術商業人物之一撰寫，為將SOX合規整合到日常IT基礎設施和業務實踐中提供了清晰的路線圖。

本書向讀者展示如何利用面向服務的架構（SOA），這是一套使異構計算機系統互操作的技術，以實現SOX要求的IT內部控制水平。

目錄

致謝。

引言。

第一部分：SOX的悖論。

第1章：DexCo的麻煩。

充足表現的詛咒。

一團亂糟糟的功能。

財務狀況。

隱藏的定時炸彈。

總結。

第2章：敏捷性：生死命令。

新鮮血液，新的營運環境。

移動目標。

合作夥伴關係。

快速市場周期。

技術轉變。

併購。

零售整合。

監管轉變。

賭上公司。

外包。

DexCo的敏捷性。

Wilde計劃。

總結。

第3章：SOX 404的影響。

SOX 404-定義和背景。

SOX 404和審計過程。

DexCo的COSO。

控制目標。

控制組件。

控制環境。

風險評估。

控制程序。

信息和溝通。

監控。

為什麼琳達感到恐慌。

總結。

第4章：在SOX和一個硬編碼的地方之間。

內部控制和業務流程。

內部控制和信息技術。

控制點。

相互依賴的控制。

控制失效的快速通道。