Or––2. Part 2Mr. Mingus, The Sarbanes-Oxley Act of 2002 did not specifically mention any compliance requirement for accounting processes employing IT in Section 404. More importantly, there was no specific mention of the controls that needs to be established in IT firms in order to conform to the Sarbanes-Oxley. In the absence of this essential element, IT firms employ a variety of IT standards for their internal controls (Lahti, Peterson & Lanza, 2005). Two of the many IT standards adopted by auditors in structuring their internal controls are COBIT and Trust Services.
COBIT represents Control Objective for Information and Related Technology. The standards that are included in COBIT are platform independent which is the very reason why these standards become the de-facto standards used by auditors and in complying with Sarbanes-Oxley. The COBIT standards which are classified into six general components are composed of more than 300 objectives. These components include: (a) the executive summary, (b) framework, (c) control objectives, (d) control practices, (e) management guidelines, and (f) audit guidelines. The executive summary introduces auditors to the key principles and concepts involved in the standards; the framework and control objectives organize the elementary models of COBIT into four major segments which are planning and organizing, acquisition and implementation, delivery and support, and monitoring and evaluation; control practices defines the best practices as well as elaborate the requirements for specific controls; management guidelines link the IT objectives with the objectives of the business; and the audit guidelines provide guidelines on how controls are evaluated and assessed (Lahti, Peterson & Lanza, 2005).
Like COBIT, Trust Services is also a set of core principles and selective criteria for the key areas in IT operations.
Its main goals are to address the risks in operating IT and to control and regulate the associated opportunities in operating an IT. The Trust Services defines its criteria and principles into four major areas which are: policies, communication, procedures, and monitoring. Instead of focusing on firms employing IT services, the main target of Trust Services are ordinary consumers, business partners, bakers and creditors, regulators and other stakeholders (TCICA, n.d). Business processes require efficient methods of managing a lot of data and information.
Information keeping and information gathering has evolved into more than just the recording of transactions and filling them up in the archives. Information has become the determining factor in decision making process. Managers and business owners who can synthesize and fully utilize the information available are likely the ones that will be able to succeed in a very competitive environment (Kobel & Gimpert, 2008). This means that businesses that are able to select the most appropriate IT platform based on the uniqueness of their IT needs will be most likely the ones who would be able to use complex information to their decision-making process.
Hence, it is very important for organizations to employ IT systems that would allow it store, manage, and distribute data in the most effective, accurate, and reliable manner. Data and information that are stored in IT systems that have little, inadequate, or non-existent internal controls are in for a lot of risk. For one thing, data stored in the system can be lost, misrepresented, or can be breached by external and unauthorized access. When this occurs, businesses can be exposed to a lot of financial losses or losses on business opportunities which could hurt its long-term existence (Kobel & Gimpert, 2008).
These are the reasons why the firm’s clients must pay particular interest to COBIT and Trust Services. As was discussed, COBIT and Trust Services ensures that the IT platforms the clients are using conform to the information management principles and criteria they have outlines. Those IT platforms that fail to conform to the required standards are not implemented and are scraped.