- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Sarbanes-Oxley Information Technology Compliance Audit
- Abstract
- This paper provides a basic review of the background literature (i.e. extensive but not exhaustive) and develops a process model so that a professional IT Auditor may readily appreciate the subtleties of the Sarbanes Oxley audit process. The case study is developed to illustrate some of the effects of the issues described in the literature and other issues developed in the process model. The literature, process model and case study develop sufficient detail so a professional IT Auditor may readily modify and apply it to a new audit. Experience demonstrates that the focus of IT audits conducted under the mandate of Sarbanes Oxley and its IT Section, Section 404, has important differences with the focus of a traditional IT audit.