Ivan:
I would add, simplifying, that for IT this law is about *Internal Controls* to reduce risk in the processes that produce the financial statements. And internal controls are something IT people are generally not well versed in. Information security is one of the pillars of internal controls.

This law became controversial because it requires the CEO/CFO to personally attest, every quarter, to the quality of the internal controls, and once a year this must also be done through an external audit. And the penalty can be jail for the CEO/CFO. For this reason, perhaps many are putting 'too much' effort into the subject, but nobody wants to run the risk of putting in 'too little'.

As for documentation, the law does not clearly specify what must be included in the documentation (flowcharts, narratives, questionnaires...). Since the law suggests a governance framework called COSO, we have been working using the recent mapping of COSO to Cobit as a guide. So there are some processes for which the documentation is simple (i.e. a questionnaire), while for others (i.e. PROGRAM DEVELOPMENT AND PROGRAM CHANGE; COMPUTER OPERATIONS AND ACCESS TO PROGRAMS AND DATA) the process is quite detailed, with identification of the controls, evidence, etc. There are even those who suggest creating a BINDER (a printed book with all the IT processes and controls well documented, some printed evidence, examples of the forms used, etc.).

You may have some luck at... http://www.sox-online.com/

Regards,
Cristiano

_____
From: Cunha, Andre Luis M (A.C.) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 15, 2004 11:07
To: [EMAIL PROTECTED]
Subject: RE: [itsm_br] ITIL Material in Portuguese

Ivan,

Sarbanes Oxley, also known as SOX, is a new American law that requires companies to have certification in information security. The project I work on is in the process of certification.
What I can make available to you is the text below, which may help you.

A DOZEN THINGS YOU SHOULD KNOW ABOUT THE SARBANES-OXLEY (SOX)

What is SOX?

SOX was developed by Senator Paul Sarbanes and U.S. Representative Michael G. Oxley. It is a new law for managing financial records of publicly traded companies resulting from recent record keeping failures in corporate accounting and financial documents (one example is Enron). With the act, Congress gave prosecutors and the Securities and Exchange Commission (SEC) new tools to oversee the financial reporting. It also created the Public Company Accounting Oversight Board (PCAOB) to specifically oversee the accounting industry's role in the auditing and reporting of the financial soundness. The law has several provisions that address corporate governance, corporate conduct and the accuracy and completeness of a company's financial reporting. Once completed, SOX requires top company executives such as the CEO, CIO, and CFO to sign legal documentation validating that their company is compliant.

What should SOX achieve?

The federal goals of SOX are:
A. To restore investor confidence in public markets
B. Strengthen internal financial checks and balances
C. Ensure that all corporations implement adequate internal financial control structure
D. Assess effectiveness of corporate financial accountability on an annual basis

What are the requirements of SOX? In other words, what are external auditors going to be looking at?

The requirements are:
A. Control mechanisms to validate accuracy of all financial statement disclosures
B. Documentation of all financial control processes (business and systems)
C. Traceability from financial statements to financial transactions
D. Rapid fraud detection capabilities
E. Annual monitoring of financial controls effectiveness

What happens if a company does not comply?

For any company that does not comply, there will be serious legal consequences for the company and individuals.
Additionally, the following adverse effects are also possible:
A. Punitive financial measures from federal government
B. Loss of Shareholder Value in financial markets
C. Negative media
D. Increased scrutiny and cost on SOX compliance
E. Employee Termination

Application Controls
A. Transaction balancing controls
B. Data validation controls
C. Data reasonability controls
D. Data range controls

Regards,
__________________________
SIEMENS
Global Network of Innovation
André L. M. Cunha
Network Analyst
__________________________

-----Original Message-----
From: ivan [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 14, 2004 16:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [itsm_br] ITIL Material in Portuguese

Hello everyone,

I know the list is about ITIL, but is anyone familiar with the documentation processes known as "Sarbanes Oxley"? I am looking for documentation examples... but I can't find any...

Cheers :]

--
Ivan Franco
AIM: ifrancobr
ICQ: 57455107
MSN: [EMAIL PROTECTED]
** making more friends on Orkut than in real life ** :)
ITSM_BR list - IT Management - Maintained by Gilberto Biasoto - Network Designers - http://www.networkdesigners.com.br
