Rationalization of IT Control Frameworks

Many companies embarked on the SOX/CSOX compliance journey in a silo of other business, regulatory and statutory initiatives underway in the organization such as COBIT, ISO, ITIL, SIX Sigma, CMMI, etc. This presents an opportunity for companies to rationalize and optimize IT control frameworks. Rationalization is the process of first identifying specific IT controls from the universe of controls that have the most pervasive impact on the business and then using these controls to satisfy multiple requirements. Optimization is focused on using the available resources in an efficient manner to produce the desired results.

Using a top-down, risk-based approach, FinEx Group will enable companies to define a relevant composite IT control framework that is aligned to business risks of the organization. This composite IT control framework will be customized to the specific business needs but will also promote the use of common IT documentation, integration of common controls into daily work activities, automation of common controls, and testing and reporting of IT controls in an optimized fashion.