[ISN] Canadian IT Audit Standard set to change

InfoSec News isn at c4i.org
Fri Mar 25 04:35:34 EST 2005


Forwarded from: Mark Bernard <Mark.Bernard at TechSecure.ca>

Dear Associates,

Here in Canada the Chartered Accountants of Canada are in the process
of making amendments to our Canadian IT Audit standards, CICA 5025,
5310 & 5900. These amendments will bring our Canadian Financial
Management controls into compliance with the United States SOX and SAS
70 standards. There will also be a new Canadian standard titled CICA
70 created to address everything that the previous amendments won't.
As you may already be aware SAS 70 and SOX standards have been
identified as a potential solution to the protection of private
information. If nothing else the heightened awareness of information
security will benefit the protection of private information.

In addition, we are anticipating newly crafted Financial Securities
legislation this year currently under review in Ontario known as Bill
198. It's very likely that each of the Canadian provinces will adopt
Bill 198 provisions within current provincial legislation for
securities trading and management.

The current target release date for CICA amendments is mid April 2005
while SAS 70 and SOX deadline has been extended to mid November 2005.
Compliance with CICA standards is scheduled for November, just in time
for 2006 IT Audits.

The answer to complying with all of this new legislation is to
implement a best practice framework such as ISO 17799 or ISACA's
COBiT. I would personally recommend ISACA's COBiT because its a world
wide standard that IT Auditors and Financial professionals recognize.
A hybrid strategy using both ISO 17799 and COBiT is really that much
better since both IT professionals and Financial Professionals can
relate to each standard. Since it's very likely that your annual
audits will be conducted by IT Auditors with Financial backgrounds it
truly is the only logical solution.

Why should IT be concerned about the Finance Department?

Well, if you're an IT Professional who's worked long enough in the
corporate world than you already know how important it is to work
closely with the Finance Department in your organization. Its
imperative that projects like this and capital expenditures are
clearly understood, so that they get approved for the annual budget
and not get cut during the annual rollback on capital expenses. After
all this project will be mutually beneficial to both groups.

Here's a link for more information about CICA 5900;  
http://www.cica.ca/index.cfm/ci_id/19365/la_id/1.htm

Here's a link for COBiT;  
http://www.isaca.org/Template.cfm?Section=COBIT_Online&Template=/ContentManagement/ContentDisplay.cfm&ContentID=15633

Best regards,
Mark.


Mark E. S. Bernard, CISM, CISSP, PM,
Principal, Risk Management Services,

e-mail: Mark.Bernard at TechSecure.ca
Web: http://www.TechSecure.ca
Phone: (506) 325-0444


Leadership Quotes by John Quincy Adams: "If your actions inspire
others to dream more, learn more, do more and become more, you are a
leader."





More information about the ISN mailing list