Forwarded from: Mark Bernard <Mark.Bernard@private>

Dear Associates,

Here in Canada the Chartered Accountants of Canada are in the process of making amendments to our Canadian IT Audit standards, CICA 5025, 5310 & 5900. These amendments will bring our Canadian Financial Management controls into compliance with the United States SOX and SAS 70 standards. There will also be a new Canadian standard titled CICA 70 created to address everything that the previous amendments won't.

As you may already be aware, SAS 70 and SOX standards have been identified as a potential solution to the protection of private information. If nothing else, the heightened awareness of information security will benefit the protection of private information.

In addition, we are anticipating newly crafted Financial Securities legislation this year, currently under review in Ontario, known as Bill 198. It's very likely that each of the Canadian provinces will adopt Bill 198 provisions within current provincial legislation for securities trading and management.

The current target release date for CICA amendments is mid April 2005, while the SAS 70 and SOX deadline has been extended to mid November 2005. Compliance with CICA standards is scheduled for November, just in time for 2006 IT Audits.

The answer to complying with all of this new legislation is to implement a best practice framework such as ISO 17799 or ISACA's COBiT. I would personally recommend ISACA's COBiT because it's a worldwide standard that IT Auditors and Financial professionals recognize. A hybrid strategy using both ISO 17799 and COBiT is really that much better since both IT professionals and Financial Professionals can relate to each standard. Since it's very likely that your annual audits will be conducted by IT Auditors with Financial backgrounds, it truly is the only logical solution.

Why should IT be concerned about the Finance Department?

Well, if you're an IT Professional who's worked long enough in the corporate world, then you already know how important it is to work closely with the Finance Department in your organization. It's imperative that projects like this and capital expenditures are clearly understood, so that they get approved for the annual budget and not get cut during the annual rollback on capital expenses. After all, this project will be mutually beneficial to both groups.

Here's a link for more information about CICA 5900:
http://www.cica.ca/index.cfm/ci_id/19365/la_id/1.htm

Here's a link for COBiT:
http://www.isaca.org/Template.cfm?Section=COBIT_Online&Template=/ContentManagement/ContentDisplay.cfm&ContentID=15633

Best regards,
Mark.

Mark E. S. Bernard, CISM, CISSP, PM,
Principal, Risk Management Services,
e-mail: Mark.Bernard@private
Web: http://www.TechSecure.ca
Phone: (506) 325-0444

Leadership Quotes by John Quincy Adams:
"If your actions inspire others to dream more, learn more, do more and become more, you are a leader."

_________________________________________
Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005

This archive was generated by hypermail 2.1.3 : Fri Mar 25 2005 - 03:32:49 PST