The Sarbanes-Oxley Compliance Of IT Controls

Finance frauds, such as the Enron and the WorldCom, showed that among many listed corporations, internal controls were out of control. So the Sarbanes-Oxley Act (SOX) was passed by the USA Congress and signed into law in 2002, and internal controls were more and more focused on. With deep development and wide application on IT, organizations became realizing automated applications. IT took a critical part in the Sarbanes-Oxley compliance instead of a small part of the internal controls. Therefore, IT controls would capture our attentions more and more.The dissertation introduced the development of internal controls theories and the provisions of Sarbanes-Oxley for internal controls. Then gave the definition of IT controls and discussed the effect of IT on internal controls. With combination of the framework of IT controls—COBIT, the dissertation discussed the Sarbanes-Oxley compliance of IT controls, and gave a case study of internal controls compliance taking telecommunication enterprise for instance. It also showed a road map of 6 steps for Sarbanes-Oxley compliance of IT controls: (1) Plan and Scope IT Controls; (2) Assess IT Risk; (3) Identify Controls and Document; (4) Evaluate Control Design and Operating Effectiveness; (5) Identify Controls Deficiencies and Remediate Deficiencies; (6) Build Sustainability. The compliance road map of 6 steps could aid in the development of the internal control program for most enterprises. Also COBIT supplied an appropriate framework tool for the Sarbanes-Oxley compliance.The innovations of this dissertation are: (1) Analyzing internal control theories and the effect of IT on internal controls, try to give a definition of IT controls; (2) Introducing the newest research of ISACA—COBIT 4.1, aligning with COSO, PCAOB and Sarbanes-Oxley; (3) With the compilation of international researches, showing the compliance method of IT controls.