Banking: Relating Information Technology Controls to Sarbanes-Oxley

Introduction

Beginning a Sarbanes-Oxley (SOX) compliance project requires an organization to evaluate the controls required to produce accurate financial statements. However, evaluating only the financial controls is not enough. Many systems and controls are already in place for Information Technology (IT) security that can complement the bank’s SOX activity. Banks need to take a macro approach to their SOX compliance. Although SOX does cover the IT general controls, there are different Objectives and Risks that need to be addressed for the bank’s other compliance activities. SOX requires the ability to produce accurate financial statements in a timely manner. The bank’s requirements for IT security also include protecting the integrity of customer information. Although the bank may feel that it is addressing the IT controls for the Bank Secrecy Act, not all of those controls are necessarily appropriate for SOX.

General Requirements

All organizations’ financial statements rely on adequate IT control systems for accurate information. The effectiveness of these IT control systems directly affects the production of accurate financial statements. Ineffective implementation of any of the controls jeopardizes the integrity of the financial data presented, through fraud, inadvertent loss or incomplete processing of transactions.

Business Issues

Mergers and Acquisitions

In the life span of banking institutions, mergers and acquisitions are always a possibility. Integrating different cultures as well as different systems is challenging. Regardless of whether a merger or acquisition occurs, the integrity of data security must be protected. Not all banks are interested in mergers, but their IT systems and the effectiveness of their IT control systems need to pass the security test, before and after any merger or acquisition.

Branch Expansion

Most banks approach branch expansion with diligent care in selecting the right location and staff. Ensuring that the new branch is fully integrated into the IT security framework to prevent loss of data, fraud, or manipulation is a continual process that challenges the IT systems and the effectiveness of these IT controls.

Debit Cards

Banks need to offer customers increased flexibility by giving them direct access to their accounts. The same IT security framework and controls that are developed for Internet Banking need to be implemented here as well. The risk of data compromise increases when banks add this flexibility that is demanded by their customers.

Internet Banking

Internet Banking is a necessary ingredient for the survival of today’s banks. The increased flexibility and the reduction in teller operations are added benefits of today’s internet banking. However, new challenges arise in preventing hacking, identity theft, and loss of customer data. IT security is a big issue here, so adequate Objectives, properly identified Risks and IT general controls will be vital to adequately address SOX requirements, produce accurate and timely financial statements, and protect the integrity of customers’ data.

Privacy

Most banking customers demand the increased flexibility to access their accounts at their leisure. This shift in the banking model increases the odds of loss of customers’ data. The immediate impact on the bank’s financial statement depends on the situation, but could lead to lawsuits, penalties, and other exposure. The greatest risk here may lie in the risk to the reputation of the bank and the security of its customers’ data.

Conclusion

Whether or not your bank has a significant IT department, the need for maintaining IT controls is extensive. When addressing IT controls, banks should incorporate all their IT-related requirements into a common framework that can be used for all their IT controls. An effective Information Security Management System will allow organizations to grow and prosper while ensuring compliance with Sarbanes-Oxley.

Our Team
Our team is comprised of experienced executives, managers and consultants who will assist your banking organization in the development, implementation and execution of comprehensive risk management and compliance strategies. From the initial passage of Sarbanes-Oxley in 2002, Visage has provided solutions to a client base ranging from private, entrepreneurial companies to large multinationals.

Our Value 

    • Utilizing our proprietary SingleVue™ compliance methodology, we tailor comprehensive, cost-effective and flexible solutions to our clients.
    • Our solutions enhance your current business processes, rather than adding unnecessary overhead, thus creating measurable long-term value.
    • We involve your executive team, including your internal and external advisors, to guarantee solutions are absolutely consistent with your requirements.
    • We allow you to concentrate on managing your business.

For additional analysis and insight, your attention is directed to the white paper titled “AS5 and Banking Industry Impact”, authored by Visage CEO Robert M. Broda, which may be found by clicking on the link below. We look forward to working with you in developing your Sarbanes-Oxley compliance solution.

Link:
AS5 and Banking Industry Impact  

 


Copyright © 2007 Visage Solutions, LLC.