| The Information Technology Infrastructure Library
(ITIL) is an industry-leading set of IT Service Management best
practices. These best practices for the support and delivery of IT
services can help a company document IT processes as required for
Sarbanes-Oxley.
Troy DuMoulin, managing consultant at Pink Elephant — an
organization providing ITIL based consulting, education,
conferences and outsourcing services, notes a shift in how
organizations approach best practices for IT services: “In the
past, companies used best practices out of a desire for self
improvement and to create a positive impact on the bottom line.
Now, with Sarbanes-Oxley, they have to do it because it's a
formal, legal requirement.”
ITIL is part of the foundation of the COBIT model, which
defines control objectives for IT in support of business
processes. COBIT was explicitly chosen as the tool of choice for
external auditors to use in IT audits for Sarbanes-Oxley. “Since
auditors are using COBIT, it makes sense for organizations to
learn about the model. The model identifies key performance
indicators and critical success factors that organizations can
take into consideration when documenting or re-engineering a
process,” DuMoulin says.
“Although there are many different control frameworks out
there, many of them have ITIL at their core. With COBIT for
example, 45-50% of the control objectives are covered within ITIL.
In particular, ITIL’s Service Support and Service Delivery
processes address almost a dozen specific control objectives,”
DuMoulin says.
The ITIL process documentation and COBIT control objectives are
a powerful combination that can accelerate Sarbox compliance. |
