Sarbanes Oxley
This act was enacted to protect the interests of investors by improving the accuracy and reliability of corporate disclosures. Section 302 covers corporate responsibility for financial reports, and Section 404 covers management assessment of internal controls.
The Sarbanes-Oxley Act is not just a financial issue. It is going to change the way utilities will conduct their business and continue to improve process efficiencies.
Utility operations are unique and specialized: dispersed infrastructure, sophisticated control systems, and business in a de-regulated environment all pose challenges leading to major impacts on the operational and financial performance of utilities. Compusharp has the specialized knowledge of Electric Utility operations as well as COSO/COBIT products for timely implementation and on-going maintenance of Sarbanes Oxley compliant systems.
The Committee of Sponsoring Organizations (COSO) Framework typically encompasses:
Control Self-assessment survey
Risk Assessment
Issue Tracking
Reporting
Monitoring
Natural: Earthquake, Hurricanes
Internal: Process, People
External: ISO/RTO/FERC/NERC
Threats: Energy Supplies, Economy, Terrorism
Environment: CEQA
Review
Management Certification
The Control Objectives for Information and related technology (COBIT) typically encompasses:
Planning/Organization: Procedures/Policy/Security Posture
Acquisition/Implementation
Delivery/Support: Access control, Authorization
Monitoring: revision and testing
Continual remediation of vulnerabilities
Control Systems: RTUs, SCADA, DCS
IT: Cyber Security
Communication: Wireless, Internet
At Compusharp, we understand the Sarbanes Oxley requirements as applicable to Electric Utilities.