What Does SOX Mean to Project Managers?


Trish Heiman, Technical Project Director
Freddie Mac

SOX-Driven Controls
Project Managers are accountable for ensuring these controls are in place for the project and project deliverables
  Change Management
  Segregation of Duties
  Protection of Data

Change Management
Charter must clearly define authorization for the project
  Project Stakeholders
Application/Process change management process must clearly authorize who can approve changes to the current production state
  Account level Change Control Boards
Project Change Management process in place for approving changes to the project scope, schedule and budget
  Project/initiative level change control

Segregation of Duties
Project Manager is accountable for maintaining segregation of duties within project lifecycle and ensuring SoD framework is appropriate for post-project support
  Developers separate from Deployers who are separate from Production Support
  Testers do not have write access to code
  SoD Implementation often complicated by technology limitations
  Increases minimum size and cost of project Bundle!

Protection of Data
Project Managers ensure application is designed to protect data
  No user direct access to database
  Program includes mechanisms for correcting data (as opposed to Data Corrections)
  Data Correction process with authorized approvers (where absolutely necessary)

Bottom Line:
These are already part of PMBOK and best practices!!

						