Network Security CISSP-Discussion

Subject: [CISSP-D] REVIEW: "Beyond Sarbanes-Oxley Compliance", Anne M. Marchetti
Date: Thu, 24 May 2007 09:31:02 -0800
BKBYNSOX.RVW   20070228

"Beyond Sarbanes-Oxley Compliance", Anne M. Marchetti, 2005,
0-471-72626-5, U$49.95/C$64.99/UK#27.95
%A   Anne M. Marchetti
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2005
%G   0-471-72626-5
%I   John Wiley & Sons, Inc.
%O   U$49.95/C$64.99/UK#27.95 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0471726265/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0471726265/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0471726265/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   271 p.
%T   "Beyond Sarbanes-Oxley Compliance"

Part one deals with the basic level of compliance, ensuring that a
company is not in contravention of the Sarbanes-Oxley (SOX) act.
Chapter one is an overview of the US law.  More detail on sections
302, 404, and 409 of the act, and the implications thereof, is
provided in chapter two.  Factors affecting the initial, rudimentary
level of compliance are discussed in chapter three, but the material
is somewhat disorganized.  Chapter four defines a number of terms
relating to control deficiencies, and outlines a six-step "path" to
compliance (which is based upon general project management stages).

Part two moves from the fundamental compliance level to a process
involving ongoing maintenance and monitoring.  Chapter five examines
the success (and failure) factors for change management, and this time
promotes a five-step project cycle, which is extended and detailed in
chapter six.  The audit function is reviewed, in chapter seven, mostly
regarding independence between auditors and the audited.  Other
matters relating to ensuring compliance on an ongoing basis are noted
in chapter eight.

Part three suggests that companies move beyond regarding mere
requirements for compliance to process improvement, the topic of
chapter nine.  The remaining chapters, although seemingly included in
this part of the book, have little to do with process improvement as
such: ten explores the International Financial Reporting Standard
(IFRS), eleven notes SOX requirements for companies not under the
jurisdiction of the United States, and twelve looks at initiatives
from the financial services industry, such as Basel II.

In the earlier "Beyond COSO" (cf. BKBECOSO.RVW) Steven Root
recommended that companies should implement internal controls as
suggested by the Committee of Sponsoring Organizations of the Treadway
Commission, but must also go beyond them, in a manner similar to the
layered defence or defence in depth models.  Marchetti's similar title
would imply a comparable intent.  Unfortunately, "Beyond Sarbanes-
Oxley Compliance" is incomplete in its explanation of SOX, and does
not provide much assistance in achieving minimal compliance, let alone
moving beyond that level.  For those with a rudimentary understanding
of internal controls, this book does provide some additional
background and a set of factors to consider, but not much more.

copyright Robert M. Slade, 2007   BKBYNSOX.RVW   20070228


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
I don't use drugs; my dreams are frightening enough - Escher

Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm
