Sarbanes Oxley Compliance: A Roundtable Discussion on May 3, 2005
IT Security and Sarbanes Oxley: A Roundtable Discussion of Lessons Learned
Ronald Reagan Building, Washington, D.C.
Tuesday, May 3, 2005
Since its passage, the Sarbanes-Oxley Act of 2002 (SOX) has engendered spirited debate over the law's implications for corporate information security, especially with respect to the internal control provisions of Section 404. A legal review commissioned by the Cyber Security Industry Alliance (CSIA) concluded that compliance with Section 404 requires publicly traded companies to employ information security to the extent necessary to ensure the effectiveness of internal controls over financial reporting.
In reaching this conclusion, we recognize that, given the size and complexity of IT systems and networks in most publicly traded companies, the statutory and administrative materials governing Section 404 may still lack the detail and specificity regarding IT governance and security that management and auditors might want to guide and inform their compliance efforts. We hope to consider a number of questions:
Does management and/or the audit community require more detailed and specific guidance on how companies may meet Section 404 compliance requirements for information security?
Should the Public Company Accounting Oversight Board be asked to provide such guidance?
Is additional legal guidance needed or desirable?
If not, how can management and auditors conduct Section 404 activities more efficiently and effectively?
To address the issues relating to IT security and SOX, CSIA is hosting a conference of senior managers, auditors, corporate counsel, and IT professionals to discuss their experiences in undertaking Section 404 compliance. The conference will address these questions in light of collective experiences.
You are personally invited to attend this conference, "IT Security and SOX Compliance." We feel that this investment of your time will yield benefits not only to your enterprise but to the broader community of corporate stakeholders as well.
To register for this event, please go to: http://pfidc.com/sox/index.htm
Registration is $95 for all participants. There is no charge for federal government attendees.