The Sarbanes-Oxley Act of 2002 (SOX) is a federal regulation that establishes how publicly traded U.S. companies communicate, store, and protect financial information. Section 302 of the law requires companies to establish “internal controls” to ensure the accuracy of their financial reporting, while Section 404 requires companies to assess and document the effectiveness of those internal controls. The relationship between IT processes and the “internal controls” described in Section 404 is not very clearly defined. There are, however, a few different standards, such as COBIT 4.1, COSO, and ISO 27001:2013, that can be used for modeling IT processes. AppliedTrust uses these standards as a framework for IT Governance and Controls (ITGC) and as a guide for performing IT security assessments for organizations regulated by SOX.
Let us bring a practical approach to your SOX compliance effort. Call us at (303) 245-4545 or contact us online.