Sarbanes-Oxley IT Compliance Using Open Source ToolsBy
- Christian Lahti
- Roderick Peterson
The Sarbanes-Oxley Act (officially titled the Public Company Accounting Reform and Investor Protection Act of 2002), signed into law on 30 July 2002 by President Bush, is considered the most significant change to federal securities laws in the United States since the New Deal. It came in the wake of a series of corporate financial scandals, including those affecting Enron, Arthur Andersen, and WorldCom. The law is named after Senator Paul Sarbanes and Representative Michael G. Oxley. It was approved by the House by a vote of 423-3 and by the Senate 99-0.
This book illustrates the many Open Source cost-saving opportunities that public companies can explore in their IT enterprise to meet mandatory compliance requirements of the Sarbanes-Oxley act. This book will also demonstrate by example and technical reference both the infrastructure components for Open Source that can be made compliant, and the Open Source tools that can aid in the journey of compliance. Although many books and reference material have been authored on the financial and business side of Sox compliance, very little material is available that directly address the information technology considerations, even less so on how Open Source fits into that discussion.
The format of the book will begin each chapter with the IT business and executive considerations of Open Source and SOX compliance. The remaining chapter verbiage will include specific examinations of Open Source applications and tools which relate to the given subject matter.
All disc-based content for this title is now available on the Web.
IT professionals, consultants, and auditors. Anyone in the IT department looking for ways Open Source tools can reduce the cost of compliance.
Published: December 2007
- Chapter 1: Sox and Cobit DefinedChapter 2: Cost of ComplianceChapter 3: Why Open SourceChapter 4: Domain 1 - Planning and OrganizationChapter 5: Domain 2 - Acquisition and ImplementationChapter 6: Domain 3 - Delivery and SupportChapter 7: Domain 4 - MonitoringChapter 8: The Bottom Line