Search:
      
  Home   |  About APS  |  Services Offering   | Solutions  |  Careers | Contact 
CMMI®
ISO 9001:2008
Six Sigma
PMO
ITIL®
SOX
IV & V
Home > Solutions > Sarbanes-Oxley act of 2002 (SOX)
 
 

What is Sarbanes-Oxley act of 2002 (SOX)?

All publicly-traded companies in the United States, including all wholly-owned subsidiaries, and all publicly-traded non-US companies doing business in the US and any organizations that are preparing for their initial public offering (IPO), will be required to submit an annual assessment of the effectiveness of their internal financial auditing controls to the Securities and Exchange Commission (SEC). Additionally, each company's external auditors are required to audit and report on the internal control reports of management, in addition to the company's financial statements.

More specifically, Sarbanes-Oxley established new accountability standards for corporate boards and auditors, established a Public Company Accounting Oversight Board (PCAOB) under the Security and Exchange Commission (SEC), and specified civil and criminal penalties for noncompliance.

How APS help add value to your SOX initiative

APS leverages compliance initiatives such as SOX to improve the organizational processes and achieve better controls and repeatability.
The adherence to SOX-404 requires achieving 6 IT control objectives. APS' implementation of CMMI® Level 2 is designed to achieve four of those six IT objectives.

1. Control Objective-1: Change Control Process

All programs will follow a defined Scope Change Management process and the adherence to those processes will be periodically checked by the Process Quality Assurance Health Check audits and Mini CMMI® Appraisals

2. Control Objective-2: Emergency Changes

All programs will follow a defined Emergency Change Control procedure, Change Activity Notifications, Release Management and Break-Glass procedures. The adherence to those processes will be periodically checked by the Process Quality Assurance Health Check audits and Mini CMMI® Appraisals.

3. Control Objective-3: Project Life Cycle Methodology

All programs will document the end-to-end Project Life Cycle Methodology for the development/maintenance of IT systems. The adherence to those processes will be periodically checked by the Process Quality Assurance Health Check audits and Mini CMMI® Appraisals

4. Control Objective-4: Testing

All programs will follow defined testing and bi-directional traceability processes to ensure that all approved business requirements/changes are tested before releasing to production. The adherence to those processes will be periodically checked by the Process Quality Assurance Health Check audits and Mini CMMI® Appraisals.

APS implementation of ITIL® and CMMI® Level 3 addresses the other two control objectives namely 'Application Logical Access Controls' and 'Access Administration Process'.

 
© 2011 Applied Process Solutions Inc., All Rights Reserved.
Home Sitemap Contact us