A Toolkit for IT Professionals
Whether you work for a publicly traded or pre-IPO company or
as an IT consultant, you are familiar with the daunting task
of complying with the Sarbanes-Oxley Act. You have no doubt
seen the hour and dollar estimates for compliance go up and
up. With this book, you can now regain control of your
budget and schedule. This ground-breaking, fully integrated
book and bootable "live" CD provide all the information and
the Open Source tools for you to use to achieve IT SOX
compliance. This book illustrates the many Open Source
cost-saving opportunities that public companies can deploy
in their IT organizations to meet the mandatory compliance
requirements of the Sarbanes-Oxley Act.
Streamline IT SOX Compliance Using the Live CD: Use the tools on the bootable Linux CD to automate and manage workflow, disseminate information, track projects, manage groups, and much more.
Understand the Liability of Noncompliance: Learn the penalties associated with noncompliance resulting from both intentional and unintentional filing of an inaccurate certification.
Deploy COBIT Standards and Best-Known Methods (BKMs) in Your Organization: Master the six components of COBIT: Executive summary, framework, control objective, control practices, management guidelines, and audit guidelines.
Create an IT SOX Compliance Policy: Learn to write, implement, and enforce an effective IT compliance policy that will be supported by both users and management.
Realize the Benefits of Open Source Tools: Deploy Open Source applications throughout your enterprise to reduce cost and improve security.
Plan and Organize Your COBIT Strategy: Develop strategic IT plans that support business objectives and can stand the test of time.
Acquire Requisite Applications and Implement Your Plan: Ensure that you have the right people, skills, and tools to implement, test, certify, and maintain both existing and newly developed systems.
Deliver and Support New Systems: Ensure that new systems perform as expected upon implementation and that they continue to perform in accordance with established expectations.
Monitor the Progress of Your COBIT Deployment: Use service level agreements (SLAs) or established baselines to quantify performance against expectations and proactively troubleshoot problems.
Average Amazon.com® Rating: Based on 17 Ratings
ARE YOU IN COMPLIANCE?? - 2006-07-22
Are you a CFO, CIO, CEO, VP, Director of IT, IT Operations Manager, and/or IT Consultant? If you are, then this book is for you! Authors Christian Lahti, Roderick Peterson, and Steve Lanza have done an outstanding job of writing a practical book that gives you, the reader, an understanding of how open source technology and tools might be applied to your individual requirements.
Lahti, Peterson, and Lanza begin by discussing why the Sarbanes-Oxley (SOX) experience promises to be quite different in terms of depth, cost, and resources. Then, the authors discuss how Congress enacted the Sarbanes-Oxley Act of 2002 in an effort to prevent financial scandals such as those that occurred at Enron and MCI. Next, they explore the need for SOX compliance and the possible consequences of noncompliance--lawsuits, negative publicity for the company, and fines for executive management. The authors then investigate the entire open source phenomenon and the fundamental differences between it and nonfree software. They continue by covering the difference between SOX and COBIT. Then, the authors discuss automation and why it should be a key component of any small to medium-sized company's SOX compliance activities. Next, they cover the COBIT Delivery and Support Domain and why it is important, not only to SOX compliance activities, but also from an IT Department repositioning perspective. The authors then discuss Deming's continuous quality improvement process, specifically how it was predicated on a closed-loop process. Finally, they show you how to reposition an IT Department by utilizing COBIT for SOX.
In this most excellent book, you will find a lot of applicable content--basically as much as the authors could muster by way of open source technologies and how they fit into the SOX sphere of influence. More importantly, this book illustrates the many Open Source cost-saving opportunities that public companies can deploy in their IT organizations to meet the mandatory compliance requirements of SOX.
Nice Resource on Sarbanes-Oxley Compliance - 2006-08-11
If you are a company or IT person that is responsible for keeping your company compliant with the Sarbanes-Oxley act of 2002, you owe it to yourself to pick up this book. Chock full of tons of helpful advice and guidelines, this 300+ page text will help get your IT department streamlined and well structured. The Sarbanes-Oxley act was put into place in direct response to the outlandish acts of companies such as Tyco, Enron, MCI and the such where the public will know that their investment money is being used towards non-corrupt practices and this involves not only financial numbers, but also the systems that hold such important data.
Nice book, helpful guide
**** RECOMMENDED
A waste of money. - 2007-01-05
If you are preparing for the CISA, do not waste your money on this book. Put your money towards the ISACA's study materials. I found several errors as well as disagreements between this book and ISACA's study guide.
Could be better organized - 2009-09-12
The book does a fair job in describing the requirements of SOX.
However, it often only scratches the surface of SOX compliance, while spending a lot of time on seemingly less important issues.
It is also a strong pro-open source text.
Unfortunately it does not provide much in terms of comparison with other (proprietary) solutions, so one just needs to take its word.
OK read, but that's about it.
Open Source Compliance Using CobiT - 2007-10-10
This book is a winner. It is clever, and fresh, and offers some really great concepts and ideas for companies needing to, or wanting to (yes there is such a thing), comply with SOX. Also, I really like the open source 'tool kit' that they provide, and being a big fan of CobiT, and Linux, I was a pretty easy sell. Note: I got the CD to run without any problems at all, but perhaps I got a later 'bugless' version.
I guess my only reservations about the book are its target audience. Frankly, I can't see a bunch of deep pocket corporations with millions on the line if they come up short in the SOX compliance department, worrying too much about saving $50K on some (admittedly pretty cool) compliance tools. However, I do think that the ideas presented would certainly apply to the mid-caps and small-caps who are perhaps looking to seriously reduce compliance costs, and also speed up the documentation (read: collaborative documentation) required of SOX.
I would also point out that COSO - the primary framework endorsed by the SEC for (financial) internal controls - and CobiT - the framework primarily endorsed by the book - can live happily ever after. Since this book approaches SOX compliance from the IT perspective, I find this totally logical, consistent, and practical. I only raise it because some would probably wonder where COSO fits into all this.
I would have rated the book 5 stars, but I think it got bogged down a little in the technical, and would leave your typical SOX enthusiast nodding off and reaching for the remote. Being part geek myself - I rather enjoyed the excellent technical dissertations.
The book is clever. The approach is smart, original and timely. It would definitely work for small and mid caps. And those iPod toting, Wikipedia GenXers you have helping out on SOX, would take to it like Frisbees to a frat house.