The Information Technology Infrastructure Library (ITIL) is an industry-leading set of IT Service Management best practices. These best practices for the support and delivery of IT services can help a company document IT processes as required for Sarbanes-Oxley.

Troy DuMoulin, managing consultant at Pink Elephant – an organization providing ITIL based consulting, education, conferences and outsourcing services, notes a shift in how organizations approach best practices for IT services: "In the past, companies used best practices out of a desire for self improvement and to create a positive impact on the bottom line. Now, with Sarbanes-Oxley, they have to do it because it's a formal, legal requirement."

ITIL is part of the foundation of the COBIT model, which defines control objectives for IT in support of business processes. COBIT was explicitly chosen as the tool of choice for external auditors to use in IT audits for Sarbanes-Oxley. "Since auditors are using COBIT, it makes sense for organizations to learn about the model. The model identifies key performance indicators and critical success factors that organizations can take into consideration when documenting or re-engineering a process," DuMoulin says.

"Although there are many different control frameworks out there, many of them have ITIL at their core. With COBIT for example, 45-50% of the control objectives are covered within ITIL. In particular, ITIL's Service Support and Service Delivery processes address almost a dozen specific control objectives," DuMoulin says.

The ITIL process documentation and COBIT control objectives are a powerful combination that can accelerate Sarbox compliance.