The Missing Link to Sarbanes-Oxley compliance: IT Application Controls

Over the last three years, management has focused on manual accounting controls and general IT controls. However, the processing of transactions is performed through specific applications such as ERP systems to generate financial statements. Typically, accountants have depended on automated controls to be working effectively. However, under the Sarbanes-Oxley (SOX) Act requires these controls to be evaluated since these controls are necessary to ensure the information processed is complete, accurate, valid and is restricted to the appropriate personnel.

IT Applications and their associated controls are the link between the IT general controls and accounting controls due to the fact that accounting information is processed through these applications and the quality of information is dependent on these automated controls working effectively. Because of the limited emphasis we placed on these controls and the fact all financial data must flow through these application systems, IT application controls are the "missing link" between accounting controls and IT general controls.

Challenges with IT Applications Controls

Most CIOs are deeply familiar with IT general controls but may not be as intimately familiar with the specific IT applications and their controls. Generally speaking, IT application controls are the responsibility of the application user. However, if the application user is not capable of evaluating and executing parts of these controls, the effectiveness of these controls may come into question.

SCG recognizes that small and medium enterprises can be challenged with understanding and evaluating IT Application controls under the Sarbanes-Oxley (SOX) Act. SCG can perform IT Application Controls Assessments that caters to small enterprises' needs while balancing the challenges of quality, cost and effectiveness.

Purchase the "IT Applications Road Map"

To assist small and medium enterprises to overcome limited resources and minimize costs, SCG has developed an IT Applications Road Map which can be purchased to comply with IT application requirement under SOX. The IT Applications Road Map is a "plug and play" project plan and content to help companies get ahead of the curve.

To purchase this content, "IT Applications Road Map" click here.

Purchase IT Applications Training

SCG also offers IT Application controls training which can help empower IT professionals and process owners to gain hands-on learning in this area.

To purchase the training class " IT Applications Control Review" , click here.