Chapter 8. Using ITIL to Align IT with Business Processes

As previous chapters have demonstrated, the world of Sarbanes-Oxley (SOx) is filled with a stream of acronyms, such as AS5, CobiT (Control Objectives for Information Technology), COSO (Committee of Sponsoring Organizations), and the PCAOB (Public Company Accounting Oversight Board). These have all become a kind of shorthand that allows professionals to identify and describe some of the key processes that support enterprise SOx compliance. ITIL (Information Technology Infrastructure Library), introduced in Chapter 1, is yet another acronym that should soon become much more familiar to enterprises seeking SOx internal control compliance over their information technology (IT) infrastructure operations. ITIL describes recommended best practices for IT service support and service delivery processes, such as how to investigate and solve problems reported to the operations help desk. These are the best practices and processes that IT needs in order to run its applications in an efficient and well-controlled environment.

ITIL best practices were first developed in the 1980s by the British government's Office of Government Commerce (OGC)—formerly called the Central Computer and Telecommunications Agency. ITIL is a vendor/supplier-independent collection of best practices that have become widely observed in the IT service industry, first in the United Kingdom, then in the European Union (EU), next in Canada and Australia, ...

Get Sarbanes-Oxley Internal Controls: Effective Auditing with AS5, CobiT, and ITIL now with the O’Reilly learning platform.