Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools

IT as part of the organization's long- and short-range plan
IT long-range plan
IT long-range planning approach and structure
IT long-range plan changes
Short-range planning for the IT function
Communication of IT plans
Monitoring and evaluating of IT plans
Assessment of existing systems
Information architecture model
Corporate data dictionary and data syntax rules
Data classification scheme
Security levels
Technological infrastructure planning
Monitor future trends and regulations
Technological infrastructure contingency
Hardware and software acquisition plans
Technology standards
IT planning or steering committee
Organizational placement of the IT function
Review of organizational achievements
Roles and responsibilities
Responsibility for quality assurance
Responsibility for logical and physical security
Ownership and custodianship
Data and system ownership
Supervision
Segregation of duties
IT staffing
Job or position descriptions for IT staff
Key IT personnel
Contracted staff policies and procedures
Relationships
Annual IT operating budget
Cost and benefit monitoring
Cost and benefit justification
Positive information control environment
Management's responsibility for policies
Communication of organization policies
Policy implementation resources
Maintenance of policies
Compliance with policies, procedures, and standards
Quality commitment
Security and internal control framework policy
Intellectual property rights
Issue-specific policies
Communication of IT security awareness
Personnel recruitment and promotion
Personnel qualifications
Roles and responsibilities
Personnel training
Cross-training or staff backup
Personnel clearance procedures
Employee job performance evaluation
Job change...