Execs describe Sarbanes-Oxley compliance lessons learned

They would have devoted more time and dedicated resources to the effort

IT news, careers, business technology, reviews | Computerworld

    • Executives who oversaw the first round of compliance with the Sarbanes-Oxley Act for their companies say they would have done things a bit differently in hindsight, including educating more workers about steps they needed to take, assigning dedicated staffers to assess and monitor critical controls, and automating a greater portion of repairs to IT controls deemed deficient.


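So it really isn't good for internal audit to take the lead on testing when it is supposed to be self-testing.
And there is a need to prioritize remediating IT control deficiencies. Taking notes~♪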



Wasn't Time Warner the company that was trying to bring a lot of people into internal audit?

Michael Hultberg, executive director at Time Warner Inc., said officials at the media giant discovered during the first round of Section 404 compliance efforts that "many of the key controls we'd identified actually weren't that key." Time Warner, which spent a mind-numbing 350,000 man-hours identifying, evaluating and testing its financial and IT controls, ended up with a higher proportion of IT control deficiencies, such as security and change management issues, said Hultberg.

Looking back on Time Warner's first-year compliance efforts, Hultberg recommended that companies assign dedicated staffers to handle the work. "It's a heck of a lot cheaper than hiring [a third party]," he said.

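It's the same for me: properly judging what counts as a key control is hard. And it's too late if you only figure it out after testing and learning what the process actually involves. I really should read and study the key control book published by the IIA.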

The other thing that caught my attention was:

ended up with a higher proportion of IT control deficiencies, such as security and change management issues

So getting system access right is what matters.


I kept reading, and:


One of the biggest challenges companies faced last year was trying to test thousands of internal controls with manual testing procedures instead of automated IT tools, said Harald Will, president and CEO of ACL Services Ltd., a Vancouver, British Columbia-based vendor of software for financial executives. As a result, many internal audit teams "didn't get to everything they should have because they're spending so much time on manual controls," said Will.


I guess internal auditors won't get by unless they can do IT audit as well. I'll start studying for the CISA as soon as the textbooks arrive.

☆It's free online news, but I'm glad this one was a substantial read.