,250 1,283,385 1,337,935 4% 732,100 1,037,100 1,716, , ,200 1,301, ,935,450 3,143,685 4,355, F

Size: px

Start display at page:

Download ",250 1,283,385 1,337,935 4% 732,100 1,037,100 1,716, , ,200 1,301, ,935,450 3,143,685 4,355, F"

あおいかせ
5 years ago
Views:

1 SOX IT IT JETRO/IPA NY SOX Sarbanes-Oxley Act SOX SOX IT IT IT 2. SOX Foley & Lardner SOX SOX CFO CFO Financial Executive International FEI SOX

2 ,250 1,283,385 1,337,935 4% 732,100 1,037,100 1,716, , ,200 1,301, ,935,450 3,143,685 4,355, FEI SOX 94 SOX Foley & Lardner LLP SOX S&P S&P 45 S&P 46 IT Forrester Research IT 77 SOX IT 3. SOX IT SOX 100 SOX IT IT Internal Control COSO Internal Control - Integrated Framework - 2 -

3 Robert Francis Group 2003 SOX 95.7 IT 100 SOX IT IT CFO (1) IT CFO SOX 404 CFO IT CIO SOX IT CIO IT CEO CIO CIO IT CFO SOX CFO IT IT CFO CFO SOX IT SOX SOX IT IT SOX SOX IT - 3 -

4 (2) SOX SOX IT Public Company Accounting Oversight Board: PCAOB No.2 Auditing Standard No. 2, An Auditing of Internal Control Over Financial Reporting Performed in Conjunction With an Audit of Financial Statements service organization PCAOB PCAOB SOX 3 a

5 b. c. c. 70 Statement on Auditing Standards 70 SAS70 American Institute of Certified Public Accountants: AICPA SAS70 (3) SOX IT SOX Cyber Security Industry Alliance: CSIA SOX PCAOB SOX 404 SOX Keith Pasley Developer.com SOX Statute Summary Threat Possible Requirement Requires Unauthorized Authenticate data using strong data executives to modification of integrity controls secure hash of data, certify the data; data fraud row level encryption, provide detailed accuracy of user level logging of access and data corporate financial change events reports. Section 302 Corporate Responsibility for Financial Reports Section 404 Management Assessment of Internal Controls Requires executives and auditors to confirm the effectiveness of internal controls for financial reporting. Unauthorized access to data, data deletion Robust access controls, interoperable with enterprise authentication, access and auditing - 5 -

6 Section 409 Real Time Issuers Disclose Requires any material changes in financial state of issuer be communicated quickly and with supporting data to the public. Non-Availability of data, data recoverability issues, backup, and restore Data mirroring, Application resilience against DoS, unauthorized application shutdown, data properly recorded and reported IT SOX Forrester Research SOX CSIA IT SOX IT Security and Sarbanes-Oxley Compliance: A Roundtable Dialogue of Lessons Learned IT SOX 5-6 -

7 SOX SOX SOX IT SOX IT CEO 404 IT IT IT CEO IT SOX COSO 404 Committee of Sponsoring Organization COSO of the Treadway Commission COSO COSO COSO SOX 404 (4) SOX SOX SOX - 7 -

8 Master Card International SOX Nextel Sprint Nextel Corporation SOX Deloitte & Touche PricewaterhouseCoopers SOX SOX 1000 SOX SOX CFO Chris McWilton SOX Thor Technologies Xellerate Identity Manager 9 SOX - 8 -

9 SOX Health Insurance Portability and Accountability Act: HIPAA 4. SOX (1) SOX IT SOX IT IT IT IT Governance Institute: ITGI SOX IT IT Control Objectives for Sarbanes-Oxley SOX IT IT COBIT COSO SOX IT ERP IT SOX IT SOX PCAOB No.2 An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements IT SOX IT ITGI SOX IT COBIT Control Objectives for Information and related Technology - 9 -

10 3 IT IT IT IT IT IT SOX IT ERP IT SOX IT IT SOX IT ITGI IT IT

11 IT IT IT SOX IT COBIT COSO ITGI IT Control Objectives for Sarbanes-Oxley IT ITGI COBIT SEC COSO IT ITGI SEC COSO COSO COBIT COSO

12 COBIT COBIT (Control Objectives for Information and related Technology) Information System Audit and Control Association ISACA ITGI IT 5 COBIT IT ITGI COBIT IT IT IT IT control environment IT IT IT IT PCAOB Computer operations IT Access to programs an data Program development and program change

13 COSO SEC COSO (Committee of Sponsoring Organizations of the Treadway Commission) SOX SEC COSO COSO 1985 National Commission on Fraudulent Financial Reporting Committee of Sponsoring Organizations of the Treadway Commission Treadway Commission COSO 5 IT COSO Control environment IT IT IT IT Risk assessment IT SOX IT IT SOX

14 Control activities IT IT COSO general controls Information and communication IT COSO IT COSO 4 Monitoring IT 2 IT IT IT COBIT COSO ITGI COBIT IT COSO COSO COBIT COBIT IT

15 COSO COBIT IT COSO COBIT Plan and Organize IT IT strategic planning Information architecture Determine technological direction IT organization and relationship Manage the IT investment Communication of management aims and direction Management of human resources Compliance with external requirements Assessment of risks Manage projects Acquire and Implement Management of quality Identify automated solutions Acquire or develop application software Acquire technology infrastructure Develop and maintain policies and procedures Install and test application software and technology infrastructure Deliver and Support Manage changes Define and manage service levels Manage third-party services Manage performance and capacity Ensure continuous service Ensure systems security Identify and allocate costs Educate and train users Assist and advise customers Manage the configuration Manage problems and incidents Manage data Manage facilities

16 Mange operation Monitor and Evaluate IT Monitoring Adequacy of internal controls Independent assurance Internal audit ITGI SOX IT SOX 1. Plan and Scope IT SOX 2. IT Performa risk assessment 2 3. COSO Identify significant accounts/controls

17 4. SOX Document control design IT IT 5. IT Evaluate control design 6. Evaluate operational effectiveness 7. Identify and inconsequential shortcoming remediate deficiencies significant deficiency material weakness 8. Document process and results 9. Build sustainability (2) SOX SOX 404 SEC

18 IT 2 reasonable assurance SEC 404 SEC 404 SEC IT IT SOX 404 ITGI

19 IT IT IT IT SEC judgment IT 404 IT IT IT COBIT 5. SOX IT 1 SOX Y2K IT SOX IT IT SOX Y2K Hackett Group ERP SOX Y2K Meta Group SOX IT

20 92 SOX AMR AMR Research 65 ERP ERP SOX IT Y2K IT 92 SOX 57 SOX CFO SOX CFO SOX IT IT SOX IT SOX SOX ERP IBM SOX SOX SOX AMR IT SOX 404 IT IT (2) IT SOX IT SOX Oracle HP Sun Microsystems Hitachi Data Systems

21 Internet Law & Policy Forum: ILPF Electronic Information Working Group: CMEI ILPF 1995 CMEI CMEI Harld Collet CMEI SOX 60 SOX CMEI (3) IT SOX 404 Y2K IT SIM SOX 404 ERP SOX 404 ERP ERP 404 ERP ERP

22 404 Oracle Internal Controls Manager SOX 404 PeopleSoft Enterprise Internal Controls Enforcer SAP Compliance Management for Sarbanes-Oxley Act SOX 404 ERP SOX CEO CFO 302 CEO CFO SOX SOX OpenPages 1 Sarbanes-Oxley Express SOE 4 SOX SOE COSO

23 SIM SOX HIPAA Ptak, Noel & Associates SIM SIM Intellitactics SIM Network Security Manager NSM NSM Security Manager Security Manager Security Reporter

24 E=/ContentManagement/ContentDisplay.cfm gedisplay.cfm&tplid=55&contentid=

本文／ＹＡＺ１７２Ｐ

本文／ＹＡＺ１７２Ｐ 2004 2005 2006 2007 Committee of Sponsoring Organizations of Treadway Commission COSO 1992 Internal Control-Integrated Framework COSO 1 1 COSO 2009 7 27 2009 9 11 21 1956 1980 1986 MBA 1980 2006 1990 1993