Unraveling controls

For all the differences in opinion surrounding its implementation, one thing the Sarbanes-Oxley Act of 2002 (SOX) did was demystify the language of internal controls. What was once seen as the domain of audit, security and compliance personnel became common currency, whether amongst system developers and administrators, or management and reporting staff. When engaged in efforts to build or sustain controls however, it can be easy to become entangled in control-speak – manual versus automated controls, or those that comply with the recent Model Audit Rule (MAR), or the updated Payment Card Industry Data Security Standard (PCI DSS) – rather than uncovering the true underpinnings of good control design.

I invite ...

Get Compliance by Design: IT Controls that Work now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.