The Joy of SOX: Why Sarbanes-Oxley and Services Oriented Architecture May Be the Best Thing That Ever Happened to You

Hugh Taylor

  • Publisher: Wiley
  • Publication date: 2006-04-03
  • List price: $1,575
  • Sale price: $399 (25% of list price)
  • Language: English
  • Pages: 312
  • Binding: Paperback
  • ISBN: 0471772747
  • ISBN-13: 9780471772743
  • Ships immediately (stock < 3)

  • The Sarbanes-Oxley Act (SOX) was passed in 2002 in response to a series of high-profile corporate scandals and requires that public companies implement internal controls over financial reporting, operations, and assets; these controls depend heavily on installing or improving information technology and business methods
  • Written by one of the most visible personalities on the tech-biz side of the SOX discussion, this highly readable, engaging book provides a clear road map for integrating SOX compliance into the fabric of everyday IT infrastructure and business practice
  • Shows the reader how to leverage and use service-oriented architecture (SOA), a set of technologies that enables interoperation of heterogeneous computer systems, to achieve the level of internal controls over IT that SOX mandates

Table of Contents

Part I: The SOX Paradox

Chapter 1: The Trouble with DexCo
  The Curse of the Adequate Performer
  A Functioning Mess
  Hidden Time Bombs

Chapter 2: Agility: The Do or Die Mandate
  New Blood, New Operating Environment
  Moving Targets
  Rapid Market Cycles
  Technology Shifts
  Retail Consolidation
  Regulatory Shift
  Betting the Company
  Agility for DexCo
  The Wilde Plan

Chapter 3: Ramifications of SOX 404
  SOX 404—Definition and Context
  SOX 404 and the Audit Process
  COSO at DexCo
  Control Objectives
  Control Components
  Control Environment
  Risk Assessment
  Control Procedures
  Information and Communication
  Why Linda Is Freaking Out

Chapter 4: Between SOX and a Hard-Coded Place
  Internal Controls and Business Processes
  Internal Controls and Information Technology
  Control Points
  Interdependent Controls
  The FAST Track to a Control Breakdown
  Broken Control Points

Chapter 5: Commit to COBIT?
  This Is a High Stakes Game
  Strong Medicine: COBIT
  COBIT: Where IT Enables Controls
  Components of COBIT
  COBIT and Sarbanes Oxley
  COBIT in Depth: The DS 11 Process
  Control Statements
  Key Goal Indicators
  Key Performance Indicators
  Critical Success Factors
  Maturity Models
  Implications of DS 11’s Maturity Scale

Chapter 6: COBIT for Mere Mortals
  The 80/20 Heat Map
  COBIT Implementation
  Finding the Hot Areas for COBIT
  Deep Dive—Maturity of COBIT in a Hot Area
  Deeper Dive—COBIT Issues for a Specific Function
  Deep Dive—Circle Back to COSO
  COBIT and People
  Paying the Tab for COBIT
  DexCo’s Next Steps on COBIT

Chapter 7: The Pain of SOX
  COSO, COBIT, and Controls versus the Wilde Plan
  Organizational Changes
  The Lose-Lose-Lose Proposition
  Think Globally but Act Recklessly
  Comply and Die
  The Remediation Doom Loop
  Non-Compliance Penalties
  Jim’s Big Question

Part II: Thinking Outside the SOX

Chapter 8: What If?
  Back at the Ranch
  Defining Agile Compliance
  Compliance as a Driver of Positive Change
  It’s Happened Before

Chapter 9: The Technology of Agile Compliance
  Living Up to Potential
  The Four Questions
  Mapping Business Process and IT Architecture
  Contractual Relationships
  Process Flow
  IT Architecture
  Is Flex-Acturing Under Control?
  Will It Flex?
  Answering Dale’s Questions
  What It Will Take to Flex

Chapter 10: The Organization of Agile Compliance
  Challenges to the Agile, Compliant Organization
  Tone at the Top Revisited
  The Accounting Organization
  The IT Organization
  Territoriality, Silos, and Culture
  Requirements for an Agile, Compliant Organization

Chapter 11: The Walk-Through
  Dale’s Need for an Overview
  Agile Compliance—The IT Plan
  Business Process Modeling and BPEL
  Unified Online Workspace
  Centralized User Management
  Application Development and Integration Process
  Agile Compliance and IT—The Sum of Its Parts
  Agile Compliance—The Organizational Plan
  The Agile Compliance Process Plan

Chapter 12: The Pay Off
  Investing in Agile Compliance
  Return on Agile Compliance Investment
  Lower Cost of Compliance
  Operational Savings
  Realizing the Wish List

Part III: Actually Doing It—For Real

Chapter 13: IT Solutions for Agile Compliance
  Defining SOA
  Enterprise Service Bus
  On-Demand Software
  The Promise of SOA for Agile Compliance
  Even a Magic Bullet Can Kill You

Chapter 14: SOX Software
  Taxonomy of SOX Packages
  Shared Workspace
  Documentation Management
  Financial Coordination
  Exception Monitoring
  Internal Controls Modules
  Realizing the Potential of SOX Software
  Putting the SOX Packages into a Compliance Architecture
  SOX Packages and the DexCo Agile Compliance Plan

Chapter 15: FAST or Slow?
  SOA for DexCo’s Agile Compliance
  The Agile Compliance Scorecard
  Scoring the Business Processes
  The Next Level: Scoring the Systems
  Back to Reality

Chapter 16: Conclusion
  The Future

Appendix A: Glossary

Appendix B: Resources
  Government Bodies and Organizations
  Audit Firms and Analysts That Publish Sarbanes Oxley Research
  Online Resources
  Reports and White Papers