General discussion



By newpm ·
I would like to implement some best practises,policies and standard procedure in out IT department. I have been looking in to the above but could not decide on which one to go for. Is there any advantages of going for one on the other. I am in Canada, Toronto if that matters ..

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

I'd start with

by dspeacock In reply to ITIL , COBIT, SOX

CoBIT and get the structure in place. Then look at SOX, ITIL and the sort. Once you're confident that the controls are in an internal SAS70 type audit to find where it's lacking, then fix the deficiencies found. That way you're ready for a real SAS70 .

Collapse -

SOX in Canada

by JamesRL In reply to I'd start with

You will find lots of SOX work going on in Canada because if your company is owned by Americans, then you have to do it so tat they will be compliant.

But I would leave it for last. If you get sorted out with CoBit or CMM or ITIL you will be in pretty good shape SOXwise...


Collapse -

Start with CobiT

by JBraithwaite In reply to ITIL , COBIT, SOX

You should start with CobiT as this will help you to determine where you you work through the CobiT Methodology you will see gaps in your processes, and structure...these gaps can be mitigated with ITIL for SOX, that is just the act of passing an audit...if you do the first two points really well, then the audit part should be relatively easy...

Collapse -

Policies and Procedures for your organization

by cdenyer In reply to ITIL , COBIT, SOX

There are a number of ways to "tackle" this. You could implement a very thorough corporate policy and procedure manual which covers all areas, while at the same time adopting a best of breed standard/benchmark/framework. I'd be more than happy to discuss this with you:

Back to IT Employment Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums