The Joy of SOX: Why Sarbanes-Oxley and Services Oriented Architecture May Be the Best Thing That Ever Happened to You
暫譯: SOX的樂趣:為什麼薩班斯-奧克斯利法案與服務導向架構可能是你遇過的最佳事物

Hugh Taylor

The Joy of SOX: Why Sarbanes-Oxley and Services Oriented Architecture May Be the Best Thing That Ever Happened to You

買這商品的人也買了...

商品描述

Description

  • The Sarbanes-Oxley Act (SOX) was passed in 2002 in response to a series of high-profile corporate scandals and requires that public companies implement internal controls over financial reporting, operations, and assets; these controls depend heavily on installing or improving information technology and business methods
  • Written by one of the most visible personalities on the tech-biz side of the SOX discussion, this highly readable, engaging book provides a clear road map for integrating SOX compliance into the fabric of everyday IT infrastructure and business practice
  • Shows the reader how to leverage and use service-oriented architecture (SOA), a set of technologies that enables interoperation of heterogeneous computer systems, to achieve the level of internal controls over IT that SOX mandates

 

Table of Contents

Acknowledgements.

Introduction.

Part 1: The SOX Paradox.

Chapter 1: The Trouble with DexCo.

The Curse of the Adequate Performer.

A Functioning Mess.

Financials.

Hidden Time Bombs.

Summary.

Chapter 2: Agility: The Do or Die Mandate.

New Blood, New Operating Environment.

Moving Targets.

Partnerships.

Rapid Market Cycles.

Technology Shifts.

M&A.

Retail Consolidation.

Regulatory Shift.

Betting the Company.

Outsourcing.

Agility for DexCo.

The Wilde Plan.

Summary.

Chapter 3: Ramifications of SOX 404.

SOX 404—Definition and Context.

SOX 404 and the Audit Process.

COSO at DexCo.

Control Objectives.

Control Components.

Control Environment.

Risk Assessment.

Control Procedures.

Information and Communication.

Monitoring.

Why Linda Is Freaking Out.

Summary.

Chapter 4: Between SOX and a Hard-Coded Place.

Internal Controls and Business Processes.

Internal Controls and Information Technology.

Control Points.

Interdependent Controls.

The FAST Track to a Control Breakdown.

Broken Control Points.

Summary.

Chapter 5: Commit to COBIT?

This Is a High Stakes Game.

Strong Medicine: COBIT.

COBIT: Where IT Enables Controls.

Components of COBIT.

COBIT and Sarbanes Oxley.

COBIT in Depth: The DS 11 Process.

Control Statements.

Key Goal Indicators.

Key Performance Indicators.

Critical Success Factors.

Maturity Models.

Implications of DS 11’s Maturity Scale.

Summary.

Chapter 6: COBIT for Mere Mortals.

The 80/20 Heat Map.

COBIT Implementation.

Finding the Hot Areas for COBIT.

Deep Dive—Maturity of COBIT in a Hot Area.

Deeper Dive—COBIT Issues for a Specific Function.

Deep Dive—Circle Back to COSO.

COBIT and People.

Paying the Tab for COBIT.

DexCo’s Next Steps on COBIT.

Summary.

Chapter 7: The Pain of SOX.

COSO, COBIT, and Controls versus the Wilde Plan.

Flex-acturing.

Distribution.

Marketing.

Organizational Changes.

The Lose-Lose-Lose Proposition.

Think Globally but Act Recklessly.

Comply and Die.

The Remediation Doom Loop.

Non-Compliance Penalties.

Jim’s Big Question.

Summary.

Part II: Thinking Outside the SOX.

Chapter 8: What If?

Back at the Ranch.

Defining Agile Compliance.

Compliance as a Driver of Positive Change.

It’s Happened Before.

Summary.

Chapter 9: The Technology of Agile Compliance.

Living Up to Potential.

The Four Questions.

Mapping Business Process and IT Architecture.

Contractual Relationships.

Process Flow.

IT Architecture.

Is Flex-Acturing Under Control?

Will It Flex?

Answering Dale’s Questions.

What It Will Take to Flex.

Summary.

Chapter 10: The Organization of Agile Compliance.

Challenges to the Agile, Compliant Organization.

Tone at the Top Revisited.

The Accounting Organization.

The IT Organization.

Territoriality, Silos, and Culture.

Requirements for an Agile, Compliant Organization.

Summary.

Chapter 11: The Walk-Through.

Dale’s Need for an Overview.

Agile Compliance—The IT Plan.

Business Process Modeling and BPEL.

Unified Online Workspace.

Centralized User Management.

Application Development and Integration Process.

Agile Compliance and IT—The Sum of Its Parts.

Agile Compliance—The Organizational Plan.

The Agile Compliance Process Plan.

Troubleshooting.

Summary.

Chapter 12: The Pay Off.

Investing in Agile Compliance.

Return on Agile Compliance Investment.

Lower Cost of Compliance.

Operational Savings.

Agility.

Realizing the Wish List.

Summary.

Part III: Actually Doing It—For Real.

Chapter 13: IT Solutions for Agile Compliance.

Defining SOA.

Enterprise Service Bus.

SOBA.

On-Demand Software.

The Promise of SOA for Agile Compliance.

Even a Magic Bullet Can Kill You.

Summary.

Chapter 14: SOX Software.

Taxonomy of SOX Packages.

Shared Workspace.

Documentation Management.

Financial Coordination.

Exception Monitoring .

Internal Controls Modules.

Realizing the Potential of SOX Software.

Putting the SOX Packages into a Compliance Architecture.

SOX Packages and the DexCo Agile Compliance Plan.

Summary.

Chapter 15: FAST or Slow?

SOA for DexCo’s Agile Compliance.

The Agile Compliance Scorecard.

Scoring the Business Processes.

The Next Level: Scoring the Systems.

Back to Reality.

Summary.

Chapter 16: Conclusion.

Consensus.

The Future .

Appendix A: Glossary.

Appendix B: Resources.

Government Bodies and Organizations.

Audit Firms and Analysts That Publish Sarbanes Oxley Research.

Online Resources.

Bibliography.

Books.

Articles.

Reports and White Papers.

Index.

商品描述(中文翻譯)

**描述**

- 萨班斯-奥克斯利法案(SOX)於2002年通過,旨在應對一系列高調的企業醜聞,並要求上市公司在財務報告、運營和資產方面實施內部控制;這些控制在很大程度上依賴於安裝或改進信息技術和商業方法。
- 本書由SOX討論中最具影響力的人物之一撰寫,內容易讀且引人入勝,提供了一個清晰的路線圖,幫助將SOX合規性融入日常IT基礎設施和商業實踐中。
- 向讀者展示如何利用和使用面向服務的架構(SOA),這是一組技術,能夠實現異構計算機系統的互操作性,以達到SOX所要求的IT內部控制水平。

**目錄**

**致謝。**

**引言。**

**第一部分:SOX悖論。**

**第1章:DexCo的麻煩。**
- 足夠表現者的詛咒。
- 一個運作不良的混亂。
- 財務狀況。
- 隱藏的定時炸彈。
- 總結。

**第2章:敏捷性:生死攸關的命令。**
- 新血液,新運營環境。
- 移動的目標。
- 合作夥伴關係。
- 快速市場周期。
- 技術變遷。
- 併購。
- 零售整合。
- 監管變化。
- 賭上公司。
- 外包。
- DexCo的敏捷性。
- Wilde計劃。
- 總結。

**第3章:SOX 404的影響。**
- SOX 404—定義與背景。
- SOX 404與審計過程。
- DexCo的COSO。
- 控制目標。
- 控制組件。
- 控制環境。
- 風險評估。
- 控制程序。
- 信息與溝通。
- 監控。
- 為什麼Linda感到焦慮。
- 總結。

**第4章:在SOX與硬編碼之間。**
- 內部控制與商業流程。
- 內部控制與信息技術。
- 控制點。
- 互依控制。
- 控制崩潰的快速通道。
- 破損的控制點。
- 總結。

**第5章:承諾COBIT?**
- 這是一場高風險的遊戲。
- 強效藥物:COBIT。
- COBIT:IT如何促進控制。
- COBIT的組成部分。
- COBIT與萨班斯-奥克斯利法案。
- COBIT深入分析:DS 11過程。
- 控制聲明。
- 主要目標指標。
- 主要績效指標。
- 關鍵成功因素。
- 成熟度模型。
- DS 11成熟度量表的含義。
- 總結。

**第6章:普通人的COBIT。**
- 80/20熱圖。
- COBIT實施。
- 尋找COBIT的熱點區域。
- 深入探討—COBIT在熱點區域的成熟度。
- 更深入探討—特定功能的COBIT問題。
- 深入探討—回到COSO。
- COBIT與人員。
- 為COBIT支付費用。
- DexCo的COBIT下一步。
- 總結。

**第7章:SOX的痛苦。**
- COSO、COBIT與控制對比Wilde計劃。
- 彈性製造。
- 分配。
- 市場營銷。
- 組織變革。
- 三輸的命題。
- 全球思考但魯莽行動。
- 遵從與死亡。
- 補救的詛咒循環。
- 不合規的罰款。
- Jim的重大問題。
- 總結。

**第二部分:超越SOX的思考。**

**第8章:如果?**
- 回到牧場。
- 定義敏捷合規性。
- 合規作為積極變革的驅動力。
- 這種情況以前發生過。
- 總結。

**第9章:敏捷合規的技術。**
- 實現潛力。
- 四個問題。
- 商業流程與IT架構的映射。
- 合同關係。
- 流程流。
- IT架構。
- 彈性製造是否在控制之中?
- 它會彈性嗎?
- 回答Dale的問題。
- 彈性所需的條件。
- 總結。

**第10章:敏捷合規的組織。**
- 對敏捷合規組織的挑戰。
- 領導層的基調重訪。
- 會計組織。
- IT組織。
- 領土性、孤島與文化。
- 敏捷合規組織的要求。
- 總結。

**第11章:走查。**
- Dale對概覽的需求。
- 敏捷合規—IT計劃。
- 商業流程建模與BPEL。
- 統一的在線工作空間。
- 集中用戶管理。
- 應用開發與集成過程。
- 敏捷合規與IT—各部分的總和。
- 敏捷合規—組織計劃。
- 敏捷合規過程計劃。
- 故障排除。
- 總結。

**第12章:回報。**
- 投資於敏捷合規。
- 敏捷合規投資的回報。
- 降低合規成本。
- 營運節省。
- 敏捷性。
- 實現願望清單。
- 總結。

**第三部分:實際執行—真實的。**

**第13章:敏捷合規的IT解決方案。**
- 定義SOA。
- 企業服務總線。
- SOBA。
- 按需軟件。
- SOA對敏捷合規的承諾。
- 即使是魔法子彈也可能致命。
- 總結。

**第14章:SOX軟件。**
- SOX套件的分類。
- 共享工作空間。
- 文檔管理。
- 財務協調。
- 例外監控。
- 內部控制模塊。
- 實現SOX軟件的潛力。
- 將SOX套件納入合規架構。
- SOX套件與DexCo的敏捷合規計劃。
- 總結。

**第15章:快速還是緩慢?**
- DexCo的敏捷合規的SOA。
- 敏捷合規計分卡。
- 評分商業流程。
- 下一層級:評分系統。
- 回到現實。
- 總結。

**第16章:結論。**

類似商品