ITIL, COBIT, SOX

newpm
I would like to implement some best practices, policies and standard procedure in our IT department. I have been looking into the above but could not decide on which one to go for. Are there any advantages of going for one over the other? I am in Canada, Toronto, if that matters.

    dspeacock

    CoBIT and get the structure in place. Then look at SOX, ITIL and the sort. Once you're confident that the controls are in place... do an internal SAS70 type audit to find where it's lacking, then fix the deficiencies found. That way you're ready for a real SAS70.

    JamesRL

    You will find lots of SOX work going on in Canada because if your company is owned by Americans, then you have to do it so that they will be compliant.

    But I would leave it for last. If you get sorted out with CoBit or CMM or ITIL you will be in pretty good shape SOXwise...

    James

    JBraithwaite

    You should start with CobiT as this will help you to determine where you are...as you work through the CobiT Methodology you will see gaps in your processes, and structure...these gaps can be mitigated with ITIL processes...as for SOX, that is just the act of passing an audit...if you do the first two points really well, then the audit part should be relatively easy...

    cdenyer

    There are a number of ways to "tackle" this. You could implement a very thorough corporate policy and procedure manual which covers all areas, while at the same time adopting a best of breed standard/benchmark/framework. I'd be more than happy to discuss this with you: cdenyer@ndbcpa.com
