Sarbanes-Oxley and added elements like the U.S. National Association of Insurance Commissioners' (NAIC) “audit rule,” Basel II, Solvency II, IFRS and the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act: these are just a small number of the pieces of legislation, with more under proposal, that financial firms will have to comply with in certain markets.
The frequency with which audits will need to be performed in organizations, and also within the IT organization, is undoubtedly going to increase. The auditing standards and methodologies required nowadays are numerous: SAS-70, ISO and BSC, to name just a few.
How does an organization cope with this torrent of controls to make sure that control objectives can be achieved independent of the audit methodology? Moreover, if your organization has to make a choice, which methodology suits you best?