SOX Compliance: Eleven Essential Controls for the SME
February 27, 2008 12:00 PM
By: Ross Armstrong
Small to mid-sized enterprises (SMEs) can benefit from implementing control objectives for governance, compliance, and improved security. The Securities and Exchange Commission’s (SEC) recent Sarbanes-Oxley (SOX) announcement puts an end to several years of speculation, so SMEs must get on top of their control game.
Executive Summary
Sarbanes-Oxley (SOX) is here to stay for small to mid-sized enterprises (SMEs), which the Securities and Exchange Commission (SEC) defines as any publicly traded company with less than $75 million in market capitalization. Despite the fact that auditing standards have been adjusted for smaller organizations, many SMEs still need to prioritize and strengthen those internal IT controls that protect information assets.
The Information Systems Audit and Control Association (ISACA) is the organization that sets standards for auditing and grants certification to auditors. New studies from ISACA pinpoint the top controls that are the most important for SMEs. This research note discusses:
» The latest SOX developments in the SME space.
» Key findings from the ISACA study.
» Which tactics SMEs can use to satisfy internal IT controls.
SMEs must implement control objectives for compliance and improved security, but have limited means to do so. The ISACA study prioritizes the most important IT controls so that SMEs can get on top of their control game.
Optimization Point
Sarbanes-Oxley (SOX) was enacted in 2002 as an anti-fraud measure in the wake of large accounting scandals such as Enron and WorldCom. Until recently, the Securities and Exchange Commission (SEC) applied the ...