Sarbanes-Oxley (SOX) is here to stay for small to mid-sized enterprises (SMEs), which the Securities and Exchange Commission (SEC) defines as any publicly traded company with less than $75 million in market capitalization. Although auditing standards have been adjusted for smaller organizations, many SMEs still need to prioritize and strengthen the internal IT controls that protect information assets.
The Information Systems Audit and Control Association (ISACA) is the organization that sets standards for auditing and grants certification to auditors. New studies from ISACA pinpoint the controls that are most important for SMEs. This research note discusses:
- The latest SOX developments in the SME space.
- Key findings from the ISACA study.
- Which tactics SMEs can use to satisfy internal IT controls.
SMEs must implement control objectives for compliance and improved security, but have limited means to do so. The ISACA study prioritizes the most important IT controls so that SMEs can get on top of their control game.