Manage Programme Development - Morland-Austin

IT GRC Knowledge Base » IT Compliance Management » IT Compliance Management – SOX 404 » SOX IT Controls » Manage Programme Development

This article provides an overview of SOX 404 control Manage Programme Development.

The typical SOX 404 IT controls for Manage Programme Development are as follows.

Software Development Lifecycle
Description: A documented software development lifecycle exists and is enforced.

Control Objective: A standard software development lifecycle exists with appropriate approvals at key stages.

Typical Evidence

There is a documented process in place for the software development lifecycle.
Approvals are required from both IT and functional owners for kick-off.
Approvals are required from both IT and functional owners for testing.
Approvals are required from both IT and functional owners for deployment to production.

Software Development Lifecycle and SOX 404
Description: A documented software development lifecycle exists which requires a documented decision as to whether any new application is in scope for SOX 404.

Control Objective: To ensure that all new applications that should be in scope for SOX 404 are registered.

Typical Evidence:

There is a documented process in place for ensuring that SOX 404 in-scope applications are flagged.

For more information please contact Morland-Austin at info@morland-austin.com.

Find your way around our IT GRC Framework Educate & Explore

Where next?

Increase your knowledge
Links & relationships within the framework

Find out how Manage Programme Development link(s) and relate(s) to:

Speak to one of our experts

Our IT GRC experts can help you with guidance and consultancy on ‘IT Compliance Management – SOX 404’