Hackers are real-time. Are you?
From a Sarbanes-Oxley Section 404 perspective, any breach in IT security represents a risk to an internal system– including those covered by the standards implicit in section 404’s mandates. Since IT underlies the very business of recording and reporting all financial activity, it follows that a lack of control over IT security would imply a lack of control over the organization’s financial reports, in direct violation of SOX section 404.
By Phil Hollows at the Sarbanes-Oxley Compliance Journal.
[ Read more ]