Advanced search
Publication Cover
EDPACS
The EDP Audit, Control, and Security Newsletter
Volume 33, 2005 - Issue 2
Journal homepage
81
Views
2
CrossRef citations to date
0
Altmetric
Original Articles

Sarbanes–Oxley and Enterprise Security: It Governance and What it Takes to Get the Job Done

William Brown An assistant professor at Minnesota State University–Mankato, College of Business. His professional experience includes teaching management information systems at both the undergraduate and graduate levels and serving for more than 25 years as a financial officer. As a financial officer, he served as a chief financial officer in three companies that were Securities and Exchange Commission registrants. His education includes an MBA, a CPA, an MS in software engineering, and a Ph.D. in management information systems.
&
Frank Nasuti Served as a visiting and adjunct professor at Nova Southeastern University, Widener University, Temple University, and Rutgers University, teaching research methods, computer science, and accounting at both the doctoral and master's levels. His professional experience includes law enforcement as a special agent/criminal investigator, IT audit manager for a Big 4 accounting firm, internal audit director for a financial services company, and senior managing director for a major consulting firm. He founded The Institute for Internal Controls, a professional certification and research organization. His education includes a BS in accounting, an MBA in management, an MS in information science, and a Ph.D. in information systems. He is a CPA and holds the designations of certified internal controls auditor and certified fraud examiner.
Pages 1-20 | Published online: 21 Dec 2006
 
Sample our Information Science journals, sign in here to start your FREE access for 14 days

Abstract

Several sections of the Sarbanes–Oxley Act of 2002 (SOX) directly affect the governance of the information technology (IT) organization, including potential SOX certification by the chief information officer, Section 404 internal control assessments, “rapid and current” disclosures to the public of material changes, and authentic and immutable record retention. The Securities and Exchange Commission (SEC) requires publicly traded companies to comply with the Treadway Commission's Committee of Sponsoring Organizations that defines enterprise risk and places security as a critical variable in enterprise risk assessment. Effective IT and security governance are examined in terms of SOX compliance. Motorola IT security governance demonstrates effective structures, processes, and communications; centralized security leaders participate with the Management Board to create an enabling security organization to sustain longterm change.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.