Friday, August 29, 2003

Sarbanes-Oxley Compliance—the Cloud or the Silver Lining?

In most large businesses, critical financial processes—including accounts payable and receivables,
order administration, customer billing, inventory management, and payroll—run automatically on a vast,
complex computing and networking infrastructure. It’s tempting to believe that this infrastructure is a
monumental, unchanging entity and once policies are established and the systems are running, everything
is fine. In fact, IT operations are fluid. New servers and network devices are put into production. New
software is installed. Old software is patched. Hundreds of configurations change daily. Systems can
change from a known good state—either intentionally or via a process known as “integrity drift.” Security
breaches or unintentional errors create vulnerabilities that may go unnoticed. Even remedying security
breaches or patching software can cause changes that are never fully documented.

IT operational integrity hinges on change and configuration management processes. Proven integrity
assurance software can verify that these processes are actively managed and that monitored systems
match a known, good state. Therefore, when an organization puts internal controls in place for meeting
compliance regulations, the only way to assure that internal controls are effective is to assure the integrity
of the critical underlying IT change and configuration management processes.

The silver lining to all of this? When IT best practices and integrity assurance frameworks are
implemented, organizations not only can evaluate systems and controls against a known good state
and meet compliance regulations—they gain understandable, verifiable information that enables them
to significantly improve systems availability, IT service quality, IT staff productivity, and cost savings.
--Courtesy of Tripwire Sarbanes-Oxley White Paper