Professional Documents
Culture Documents
IT governance issues that are addressed by SOX and the COSO internal control framework.
These are:
1. Organizational structure of the IT function
2. Computer center operations
3. Disaster recovery planning
Centralized data processing model - all data processing is performed by one or more large
computers housed at a central site that serves users throughout the organization.
Separating New Systems Development from Maintenance this approach is associated with
two types of control problems:
● inadequate documentation and
● the potential for program fraud.
• Review the current organizational chart, mission statement, and job descriptions
• Verify that corporate policies and standards
• Verify that compensating controls,
• Review systems documentation
areas of potential exposure that can impact the quality of information, accounting records,
transaction processing, and the effectiveness of other more conventional internal controls.
● Physical Location
● Construction
● Access
● Fire suppression
● Air conditioning
● Fault tolerance