Many organizations struggled to implement the government legislation that followed the destruction of billions in market value due to unethical behavior by senior executives. The most well-known of these “difficult” laws are the Sarbanes-Oxley Act of 2002 (SOX) in the US, and the 8th Directive in Europe. These rules are particularly radical in the areas of assessment and oversight of control systems that support external financial disclosures and, therefore, have a significant impact on the IT organizations of stock-listed companies and their IT suppliers.
For this reason, improving the level of ‘IT control’ is an issue that is keeping a lot of IT managers up at night. The answer from Quint is a combination of IPW™SM, IT governance and ISO20000.
ISO20000 is the first worldwide quality standard specifically aimed at IT Service Management. It describes an integrated set of processes and a management approach for the effective delivery of services to the internal or external customer. ISO20000 is basically a marriage between two best practices: ISO9000 and ITIL. The main difference between ITIL and ISO20000 is the possibility of certification by an independent auditor. This, and other qualities, makes it an interesting concept from a SOX perspective.
There is now a white paper available (in two parts) dealing with the managerial, process and behavioral aspects of achieving effective IT control.