Securing Financial Applications Systems for SOX Compliance - First Steps
Sarbanes-Oxley 404 requirements apply to any system that processes or maintains financial data. In today's corporate world, all financial records are stored, accessed and maintained in an electronic format. Needless to say, it is important for any organization to protect such systems from information security risks. From an IT auditor's perspective, organizations need to protect the confidentiality, integrity and availability of their financial applications and systems.

As I have mentioned many times before, one of the first steps toward strong compliance is strong policy-level documents. Organizations need to understand that specific policies need to exist for securing financial applications. General examples of such policies would include:
1. Password Management
2. Access Control Policy
3. Change Management
4. User Authentication
5. Application Development
6. Overall Information Security Policy

The above are just a few examples of policies that can be put in place. Adequately securing financial applications and systems definitely forms part of the overall IT control environment that gets tested during SOX compliance. Good controls over financial applications can go a long way toward giving external auditors comfort in issuing a clean SOX 404 audit report.