
Research On IT Control Based On COBIT And SOX Compliance

Posted on: 2007-05-26
Degree: Master
Type: Thesis
Country: China
Candidate: J Yu
GTID: 2179360182985931
Subject: Accounting
Abstract/Summary:
In the information age, with the integration of IT and business routines, the core roles of IT governance and IT control in corporate governance and internal control are rapidly being recognized. IT governance guarantees the implementation of a company's business objectives by balancing the risks and added value of information technologies and processes. As a new hot topic in the internal control field, the concept of IT control has not been distinctly defined, and related research is still at a preliminary stage. Taking into account its background and application environment, the concept of IT control covers all stages of the related internal control processes in company routines, such as IT asset purchase, management and so on. Its connotation includes the IT control environment, the operation and maintenance of hardware and software, access to information data, and the development and alteration of information systems. Valid and conforming implementation of IT control would reduce the risks and improve the ROI of IT. The relationship between IT governance and IT control is the continuation of that between corporate governance and internal control in the IT context. In this paper, we also focus on research into IT control and its relevant contents.

Financial scandals, such as the Enron and WorldCom incidents, show that among many listed corporations the corporate governance structure is seriously out of balance and internal control is out of control. The Sarbanes-Oxley Act (SOX) was therefore passed by the US Congress and signed into law in 2002 in order to regulate corporate governance behavior and improve the accuracy and reliability of internal control. Recently, the Chinese company UTStarcom again fell into SOX-404 compliance trouble over a substandard internal control report and was threatened with losing its qualification on the Nasdaq stock market. Many listed corporations also face SOX compliance problems because of material weaknesses in IT control. All these issues show the importance of IT control and the practical significance of SOX compliance.

So in this paper, we derive the practical requirements of SOX compliance and IT control theory and try to find a pertinent application mode with proper feasibility and availability. On the foundation of IT control research approaches, the well-known IT governance model COBIT is explored using the control requirements of SOX-404 as evaluation criteria. Finally, valid, concrete IT control implementation is discussed in detail with IBM WBCR software. The characteristics of the whole thesis are summarized in the following four aspects:

1. The research background of IT control is analyzed in depth, and related concepts and definitions are provided.
2. In view of the government's independent supervisory role, several factors are discussed to explain why SOX-404 is used as the practical standard for judging the availability of corporate IT control.
3. Based on the relationship between IT control and IT governance, control validity is argued from the viewpoint of governance. A theoretical architecture of IT control based on COBIT is then provided and its availability is proved.
4. The COBIT process control idea and the SOX-404 requirements for valid internal control are explored in accordance with the functions of IBM WBCR, which is used to study the concrete implementation and realization of the IT control architecture within the company's routines.
Keywords/Search Tags: IT control, COBIT, internal control, SOX