The IT Internal Control Framework: Sarbanes-Oxley, ITIL, COSO and COBIT
ITIL is the acronym for the "IT Infrastructure Library"
guidelines developed by the CCTA (now OGC) in Norwich, England,
for the British government. ITIL provides a framework to ensure
"A professional approach is reflected in IT Services
being delivered in such a way that they provide optimum support
to business process and employees."
Accordingly, Vendors/IT departments providing/sourcing solutions
for their internal requirements should provide/source solutions
that achieve the greatest level of support to business processes
and employees. Resonance aims to provide best practice asset
management solutions that aid legislative/internal control
requirements while providing real time user friendly information.
Further information on the framework is provided below.
These links provide access to information on solutions to
automate IT management processes and increase your internal
control:
Application Management
Availability Management
Capacity Management
Configuration Management & CMDB
Change Management
Financial Management for IT
Incident Management
IT Service & Continuity Management
Proactive Problem Management
Release Management
Service Management
Service Level Management
Satisfy Sarbanes-Oxley, ITIL, COSO and COBIT for Effective IT Internal Control Framework.
The Information Systems Audit and Control Association (www.isaca.org)
has reported that a number of recently issued documents are
the result of continuing efforts to define, assess, report
on, and improve internal control.
They are,
1. COBIT which incorporates as part of its source documents
both COSO and SAC.
2. COSO which uses the internal control concepts in both SAS
55 and SAC
3. SAC in SAS 55 and SAS 78 which amends SAS 55 to reflect
the contributions to internal control concepts made by COSO.
Furthermore, the introduction of the Sarbanes-Oxley Act places
strict requirements on directors and financial officers to
ensure their systems have acceptable controls in place when
signing off on accounts. Accordingly, Sarbanes-Oxley, COBIT
and COSO provide a framework for organisations to meet regulatory
requirements. By implementing control procedures using COSO
directives, COBIT business and IT Governance Objectives can
be satisfied. Once these control procedures are functioning
correctly, directors and corporate boards will be able to
sign off financial reports as required under s302 and s404
of the Sarbanes-Oxley Act with the knowledge that they are
in compliance.
How Do Resonance Solutions help with these Requirements?
'Today's best practice policies become tomorrow's standards'
Giga Group research has referred to Asset Insight as the 'de
facto' standard in IT Asset Management. Consistently, Asset
Insight's completeness of vision and ability to execute have
made it the leader in Asset Discovery. This has continued
to be the case as product improvements and additional modules,
including Enterprise Insight and Oversight, have anticipated
the need for tighter IC policies. This has made the use of
a Unified Database to manage IT infrastructure a necessity.
Furthermore, Oversight now offers controls over access rights
down to file and application level. It allows an organisation
to immediately deploy policies that keep users from executing,
reading, copying, renaming, or deleting files. For example,
a user can be stopped from accessing P2P programs anywhere
on the network.
By satisfying COBIT IT governance objectives a Unified Asset
Management System saves time, staffing requirements and costs
in Monitoring areas of COBIT. These savings are ongoing. External
Auditors will gain a level of assurance over the adequacy
of Internal Controls, Asset location and existence, budgeting
will improve and risk is reduced because effective IT Asset
Management Procedures are in place.
Please contact us and we will be able to provide you with a discussion
paper on the ability of ITAM solutions to satisfy COSO, COBIT
and ITIL governance control and business objectives.
Why Meet these requirements?
Organisations themselves should look at this as an opportunity
- as the chairman of the SEC states,
"if companies/organisations view the new laws as
opportunities - opportunities to improve internal controls,
improve the performance of the board, and improve their public
reporting - they will ultimately be better run, more transparent,
and therefore more attractive to investors."
Please note:
"ITIL® is a Registered Trade Mark, and a Registered
Community Trade Mark of the Office of Government Commerce,
and is Registered in the U.S. Patent and Trademark Office.
Use of ITIL on this page does not imply endorsement by any
government department".