UC4 Software: HELPING IT ACHIEVE SARBANES-OXLEY COMPLIANCE




Introduction
SOX and COBIT: A Brief Review
The COBIT Structure
Structure of this Document
Planning & Organisation
Acquisition & Implementation
Delivery and Support Detailed Control Objectives
Monitoring Control Objectives
Summary
About UC4 Software

Copyright Year 2008 UC4 Software (UC4), All Rights Reserved. The contents of this document are copyrighted by UC4 unless otherwise indicated. All rights are reserved. Any form of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, e-mailing, faxing, archiving in a database, redistributing via computer network or in a printed form.

INTRODUCTION

Information Technology (IT), responsible for running the applications that run a corporation's accounting and financial systems, is becoming an integral part of every corporation's efforts to achieve Sarbanes-Oxley compliance. Fully automating business processes can significantly reduce the number of controls, and consequently the amount of resources required to meet SOX compliance.

The IT Governance Institute, in their publication titled IT Control Objectives for Sarbanes-Oxley, stated the IT/financial reporting relationship this way: Financial reporting processes are driven by IT systems. IT is the foundation of an effective system of internal control over financial reporting.

Many IT departments are finding automation an important element in SOX compliance: the higher the level of automation, the fewer the controls that must be identified and measured. According to consulting firm Deloitte, implementing a robust external job scheduler can help address the difficulties in achieving SOX compliance by ensuring authorized operational control over systems and processes.

This whitepaper describes how UC4 Workload Automation Suite can be used to help meet Sarbanes-Oxley compliance based on the COBIT Control Objectives, a widely adopted set of control objectives. A copy of the COBIT document can be obtained from the IT Governance Institute at www.itgi.org.

SOX AND COBIT: A BRIEF REVIEW

Spurred on by the failures of such companies as WorldCom and Enron, Congress passed the Sarbanes-Oxley Act of 2002 (SOX) to rebuild the public's confidence in financial reporting by corporate America. SOX compliance has now become an integral part of every corporation's accounting landscape. With increasing emphasis on aligning Information Technology (IT) with corporate business objectives, IT is playing a key role in meeting SOX compliance.

The most significant impact on corporations has come from Section 404: Management Assessment of Internal Controls of the Sarbanes-Oxley Act. It states that annual reports must contain an internal control report which shall state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting and contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

The main point of Section 404 is that companies must now document their financial reporting procedures and the controls they have put in place to ensure the procedures are followed. Because it is the responsibility of IT to implement financial reporting procedures, much of the burden of proof falls upon IT.

In response to SOX, the U.S. Securities and Exchange Commission (SEC) requires companies to follow a system of internal controls, and identified COSO as one such system. COSO is the Committee of Sponsoring Organizations of the Treadway Commission created in 1985. COSO provides a framework for standardizing and improving the quality of financial reporting, but does not specifically address IT controls.

To remedy this situation, and provide greater guidance to IT managers in complying with SOX, the IT Governance Institute (ITGI) and the Information Systems Audit and Control Association (ISACA) jointly developed the Control Objectives for Information and Related Technologies, known as COBIT. Many companies have adopted COBIT as their SOX audit standard for IT. The current version of COBIT is 3. Version 4 is due out in November 2005.

THE COBIT STRUCTURE

COBIT defines four domains for the control objectives as shown in the diagram below.

[Diagram: COBIT Domains (Planning and Organisation, Delivery and Support, Acquisition and Implementation, Monitoring)]

Under each domain, high-level control objectives are defined, and under each high-level control objective, detailed control objectives are defined. There are 34 high-level control objectives, and 318 detailed control objectives. An organization that strives for Sarbanes-Oxley compliance will have to show compliance with the control objectives outlined in COBIT (or similar system of internal controls). Application automation and job scheduling software programs can support or directly enable many of the control objectives spanning all four domains.

STRUCTURE OF THIS DOCUMENT

The remainder of this document is divided into sections representing the four domains for the control objectives. Under each section is a general discussion of how UC4 Workload Automation Suite addresses the high-level control objectives in that domain. Subheadings reflect the relevant control objectives.

PLANNING & ORGANISATION

The COBIT document defines the Planning & Organization domain as follows:

This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. Furthermore, the realization of the strategic vision needs to be planned, communicated and managed for different perspectives. Finally, a proper organization as well as technological infrastructure must be put in place.

Define a Strategic IT Plan

COBIT implies that in today's environment, automation is a primary goal for most organizations. UC4 Workload Automation Suite has always had full automation as its main objective, with emphasis on application automation, not just job scheduling. Simple job schedulers cannot achieve the same level of automation as an application automation tool. Rapid development capabilities and the ability to model complex business processes ensure that IT can quickly align its processes with the mission and business strategies of the organization.

When incorporated as part of the IT infrastructure, UC4 Workload Automation Suite can be included in all planning activities, often resulting in more efficient business processes. UC4 provides enterprise application solutions with the ability to run all applications in an enterprise, creating seamless execution of business processes. A seamless business process requires fewer controls than individual applications being run by their own separate, proprietary schedulers.

Define the Information Architecture

Security is an increasing concern in IT system architecture. UC4 Workload Automation Suite supports even the most stringent data security through its user logins and passwords, roles that selectively control access to every feature and object in the product, and its database, host, and application logins that encrypt all passwords.

Manage the Information Technology Investment

IT, like all other areas in a corporation, is being scrutinized to determine the return on investment in hardware, software, and personnel. UC4 Workload Automation Suite, with its object-oriented architecture, reduces development time and automates business processes, often paying for itself within the first couple of years.

ACQUISITION & IMPLEMENTATION

The COBIT document defines the Acquisition & Implementation domain as follows:

To realize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. In addition, changes in and maintenance of existing systems are covered by this domain to make sure that the life cycle is continued for these systems.

Acquire and Maintain Application Software

The emphasis in COBIT is to acquire software that satisfies the business requirement to provide automated functions which effectively support the business process. UC4 Workload Automation Suite emphasizes application automation with full automation as its goal. Business processes can be modeled and fully automated. Object-oriented rapid development tools ensure that business processes can be developed quickly and modified easily.

UC4 Workload Automation Suite uses an object-oriented approach to define jobs and job streams. Business processes are represented in graphical flow charts that can be reviewed by auditors, not buried inside scripts. All features and functions can be accessed through the user-friendly GUI client. Complete online Help is available from all areas of the product.

UC4 Workload Automation Suite automates entry of parameters, eliminating manual data entry errors and ensuring the correct values are entered every time a process is run. This can significantly reduce the number of controls required to meet SOX requirements.

Processes are checked automatically at every step. If a job aborts, the process can be halted at the point of failure, the problem corrected, and the process restarted from the point of failure. There is no need to rerun the entire process.

UC4 Workload Automation Suite provides outstanding availability for the corporate environment, monitoring its own processes and restarting any processes that may be abnormally terminated. If communications are lost between the UC4 Workload Automation Suite master and its agents, job statuses are updated as soon as communications are restored. UC4 Workload Automation Suite resumes its scheduling activities from the point in time when communications were lost.

Install and Maintain Technology Infrastructure

UC4 Workload Automation Suite is easy to install and maintain and includes a migration utility to move business processes from a development environment to test and production environments. Variables that change in the environments can be mapped to ensure reliable, consistent, and repeatable migration between environments. The migration utility ensures that new business processes can be thoroughly tested before being placed in a production environment.
Install and Accredit Systems

UC4 Workload Automation Suite comes with a complete set of documentation available in print format, PDF, and online through the Suite client. Procedure and operations notes can be added to jobs and job streams. Training on operations and development is also available.

The Suite is massively scalable, and can easily accommodate growth in IT systems. A single master can process hundreds of thousands of jobs a day on several hundred agents, and still use minimal resources on the master's host machine. This greatly simplifies the issue of performance sizing, essentially turning it into a minor consideration.

DELIVERY AND SUPPORT DETAILED CONTROL OBJECTIVES

The COBIT document defines the Delivery & Support domain as follows:

This domain is concerned with the actual delivery of required services, which range from traditional operations over security and continuity aspects to training. In order to deliver services, the necessary support processes must be set up. This domain includes the actual processing of data by application systems, often classified under application controls.

Define and Manage Service Levels

Whatever service levels you set in your agreements, UC4 Workload Automation Suite will help you achieve them. UC4 has a reputation for reliability in production environments, running day in and day out with little or no intervention required. Its massive scalability ensures it runs your batch processing within the allotted time frame, with power to spare for future growth.

If output distribution is part of your SLAs, the built-in output management functions ensure output is available immediately for online viewing and is sent to the designated output devices. If your distribution requirements are not overly complex, UC4 Workload Automation Suite can eliminate the need for a third-party output management software package, further simplifying the effort needed to meet SOX compliance.

UC4 Workload Automation Suite keeps complete history records of all jobs run, making it easy to generate reports showing when jobs started and completed, and summarizing performance statistics. Audit reports are available showing all actions taken on jobs run through UC4 Workload Automation Suite. The history records and audit reports are important elements in meeting SOX compliance.

Manage Performance and Capacity

The Graphical Analysis Package includes a Dashboard that continuously monitors agent and queue capacity to ensure jobs are being processed on schedule and at an acceptable rate to meet SLAs. To support workload forecasting, the Graphical Analysis Package uses Gantt charts to project expected daily activity for up to a week in advance. This is complemented by Production Schedule reports that show all jobs that are scheduled to execute over a specified period of time.

Ensure Continuous Service

To ensure continuous service, UC4 Workload Automation Suite provides built-in recovery tools that help you get back to a regular schedule as quickly as possible after a system failure. When the Suite comes back online, it checks the status of all jobs and updates its records, and then continues executing jobs from the point where the system went down. UC4 Workload Automation Suite supports fail-over schemas that can keep jobs executing through a system failure, assuming the host machines are operational. The Oracle database repository contains all of the job definition and scheduling information, and relies on the robust Oracle backup and recovery utilities to maintain the database.

Ensure Systems Security

UC4 Workload Automation Suite supports even the most stringent data security through its client user logins and passwords, roles that selectively control access to every feature and object in the product, and its database, host, and application logins that encrypt all passwords. By using encrypted logins and object-oriented job streams instead of scripts, there is never a need to include hard-coded passwords in scripts.

Access to the client is controlled by user logins and passwords. Once a user has gained access to the client, the features and objects they can access are controlled by Suite roles.
Roles can provide edit or view-only access to objects. UC4 Workload Automation Suite supports LDAP services, allowing access to the UC4 client to be controlled via centrally managed user names and passwords.

All information passing between the UC4 Workload Automation Suite master and the UC4 Workload Automation Suite agents, database, and clients is encrypted, providing secure communication channels.

Educate and Train Users

UC4 Workload Automation Suite provides extensive product documentation, both in print and online, onsite training for initial implementations, and self-paced training geared to operations and development to cover ongoing training of staff.

Assist and Advise Customers

UC4 Workload Automation Suite provides 24x7 Technical Support to help customers resolve problems. Users also can enter problem tickets directly into the trouble ticket system, and search for answers to frequently asked questions in the extensive online Knowledge Base.

Manage Problems and Incidents

UC4 Workload Automation Suite can interface directly with several problem management systems including Remedy, Peregrine, Tivoli Enterprise, CA-Unicenter, BMC Patrol, HP OpenView, and NetCool.

Manage Data

In many cases, data required to run jobs and job streams can be retrieved automatically from corporate databases, eliminating the issue of authorization for data input, and eliminating the issues of accuracy, completeness, and validity associated with manual data entry.

UC4 Workload Automation Suite can scan output for errors and halt processing at the point of failure. The errors can be corrected and processing resumed from the point of failure. Not having to restart the process from the beginning increases the likelihood of completing the processing on time to meet SLAs.

UC4 Workload Automation Suite can distribute output from a job to one or more users for online viewing, and to output devices for printing. The number of days to retain output can be set for each job. Out-of-date files are deleted during system maintenance jobs. By automating output distribution, the organization is assured that output distribution policies are being followed.

All scheduling information and object definitions are stored in its Oracle database repository. The UC4 Workload Automation Suite database should be included in your standard database back-up and restoration procedures. In Oracle, these procedures are world-class and provide a solid and reliable back-up and restoration strategy.

Manage Operations

UC4 Workload Automation Suite excels at job scheduling, ensuring jobs and job streams execute at the desired times when the appropriate dependencies have been met. The Suite's scalable architecture ensures maximum throughput and system utilization, while at the same time the load leveling capabilities guard against system overload. Lag time between jobs is eliminated, ensuring job streams process in a minimum amount of time and SLAs are met.

When departures from the standard job schedule are needed, UC4 Workload Automation Suite makes the changes easy through its staging capabilities. Jobs can be staged up to 48 hours or more in advance. When a job has been staged, an operator can change the parameters and dependencies of the job, even delete the job from a job stream. Operations have complete control to implement changes to schedules without altering the core schedule, or having to regenerate schedules. All of this is possible because UC4 Workload Automation Suite is a real-time scheduler relying on a master/agent architecture.

UC4 Workload Automation Suite maintains extensive history logs of all jobs executed. The logs include detailed information about a job including when it started and ended, the parameters used to run the job, and the predecessors and successors of the job. History logs can be retained for the designated period of time required to satisfy audit requirements.
In addition to the history logs, operators can add their own comments to jobs about how the job ran and actions they needed to take on the job. Each comment is date and time stamped. Operator logs become a permanent part of the job and are retained for the same period of time as the history logs.

MONITORING CONTROL OBJECTIVES

The COBIT document defines the Monitoring domain as follows:

All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. This domain thus addresses management's oversight of the organization's control process and independent assurance provided by internal and external audit or obtained from alternative sources.

UC4 Workload Automation Suite keeps records of all jobs executed through UC4 Workload Automation Suite, including start, stop, and execution times, and the completion status. Reports are available that document the number of jobs run in a day and the number of jobs executing at different times of the day. This information can be used to assess performance. Report information can be exported for use in other applications such as Excel. The data can be used to help determine if planned objectives have been met.

Complete audit functions track all changes made to object definitions in UC4 Workload Automation Suite. Audit information includes a description of the change made, the date and time of the change, and the name of the user that made the change. The audit records are essential for SOX compliance.

SUMMARY

The Sarbanes-Oxley Act of 2002 has become a permanent part of the corporate landscape. Companies are now investigating how they can meet SOX compliance most efficiently. Through full automation of business processes, UC4 Workload Automation Suite can significantly reduce the number of controls, and consequently the amount of resources required to meet SOX compliance.

UC4 Workload Automation Suite offers a companion document to this whitepaper that shows how UC4 Workload Automation Suite contributes directly to the specific controls defined in COBIT. The information is presented in four tables keyed to the four COBIT domains and the numbered COBIT control objectives. The document is called UC4 Workload Automation Suite Applied to COBIT. You can obtain a copy of this paper by contacting UC4 Software.

ABOUT UC4 SOFTWARE

UC4 Software is a leading provider of workload automation and IT process optimization solutions that ensure core business processes and enterprise information systems run faster, more accurately and without interruption. More than 1,500 companies worldwide have successfully enhanced application processing performance and improved IT efficiency using UC4's business acceleration solutions. Customers include American Suzuki Motor Corporation, Cadbury Schweppes, eBay, Eastman Kodak, General Electric, Mattel, McGraw Hill, Panasonic, Robert Bosch, Sun Microsystems, Symantec, T-Systems and Verizon. For more information, please visit WWW.UC4.COM.

CONTACT UC4 SOFTWARE

In the US at (877) 464-7300 (toll-free)
In Europe at +43 2233 77880
www.uc4.com
info@uc4.com