SOX Act Overview of IT Requirements

  • Hello Everyone,
    I am new to this forum and have not yet read the SOX Act (but I plan to). I am wondering if anyone can point me to a good overview of the Act and what it really requires of IT.
    I read one PowerPoint that suggests SOX be used as leverage to clean up all IT systems, but I don’t agree with that train of thought (unless the SOX Act actually mandates that). I personally believe that ‘spinning’ a law to get other things accomplished just leads to trouble. (I spent some time studying HIPAA and the same thing happened there).

  • Hi,
    A good resource is available from Protiviti. It may be found at:
    Guide to the Sarbanes-Oxley Act: IT Risks and Controls: Frequently Asked Questions
    This publication, which serves as a companion to Protiviti’s Section 404 book, Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements, offers guidance to Section 404 compliance project teams on the consideration of IT risks and controls at both the entity and activity levels within an organization. The questions and answers focus on the interaction between the IT organization and the entity’s application and data-process owners, and explain the implications of general controls and how they are considered at the process level. The guide also explores how application-control assessments are integrated with the assessment of business-process controls, and addresses documentation, testing and remediation matters.
    Additionally, the Big-4 have a lot of resources available online with specific emphasis on SOX and IT Controls.
    Hope this helps and good luck,

  • Thanks for the reply. I have been surfing some of the posts and have heard a lot about the ‘Big 4.’ This may sound very ignorant, but who are the ‘Big 4?’

  • I think what’s more important is that you familiarize yourself with the Big-G as in Google.
    TJB, meet Google…Google, meet TJB.
    Anyways, to answer your question:
    The Big-4:
    Deloitte and Touche
    Ernst and Young
