Part 1 of this column discussed the requirement of the Sarbanes-Oxley Act of 2002 for internal control reporting to senior management. The governance analysis that is required by this Act in the U.S., and by similar governance initiatives in other countries, was discussed in terms of the questions that are addressed by enterprise architecture. Several matrices were used to illustrate typical questions that must be capable of being answered. Part 2 of this column now discusses how these matrices are developed. Both parts of this article are of interest to senior management.

It is important to note that none of the matrices in Figures 3-6 (found in Part 1 of this column) were manually defined. To create the relevant row and column titles manually for each of these tailored matrices is extremely difficult; to keep them manually updated continually as the enterprise changes over time is even more difficult. Only if all matrices are maintained up-to-date over time can they be relied on for effective internal control. When other matrices also listed in Part 1 are considered, manual definition and maintenance of these matrices for internal control reporting purposes is no longer a practical or realistic option.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access