The Sarbanes-Oxley Act (SOX) requires that IT departments in public companies clearly understand their organization’s financial reporting requirements. IT is also responsible for the support and protection of financial data and the process of reporting it. That includes monitoring and maintaining logs that demonstrate “IT general controls” around user access management, program changes, and other IT-related processes.
SOX compliance thus adds a layer of auditing work for IT departments. Smart IT departments find a way to automate their IT general controls to save them time and effort every year. Plus, the more controls they automate, the fewer controls need to be reviewed by outside auditors.
Analytics enables the process of testing IT general controls through automation. They eliminate the need to prove manual controls, which are harder to validate.
With analytics and workflows, companies can apply defined rules to demonstrate that their processes are under consistent control. The rules require employees and users to unequivocally follow established processes. The rules combine with workflows to generate log entries, audit trails, and easy-to-follow reports on compliance. Analytics allows companies to aggregate and automate their testing of IT general controls, then apply criteria such as IT service tickets, HR listings, etc. As SOX has made it increasingly urgent to find and correct errors, automation through analytics provides a necessary alternative to manual review of IT general controls.