Guide to the Sarbanes-Oxley Act: IT Risks and Controls

Subscriber Content
Screenshot of the first page of Guide to the Sarbanes-Oxley Act IT Risks and Controls Second Edition
By
Protiviti
Frequently Asked Questions: Second Edition - How to Consider IT Risks and Controls for SOX Section 404 Compliance

The Sarbanes-Oxley Act (SOX) Section 404 mandates that all publicly-traded companies establish internal controls for financial reporting and must maintain those controls to ensure they are effective, with the purpose reducing corporate fraud. The priority goals of Section 404 align with management’s existing responsibilities when undertaking an information technology (IT) conversion or implementation project.

In this booklet, we provide guidance to Section 404 compliance project teams on the consideration of IT risks and controls at both the entity and activity levels within an organization. We also explore how application-control assessments are integrated with the assessment of business-process controls, and addresses documentation, testing and remediation matters.


Topics
Corporate Governance
Sarbanes-Oxley Act
Internal Controls
IT Controls
Entity-Level Control
Accounting/Finance
IT Audit
Audit Committee & Board

Related Resources

Checklists & Questionnaires

IT General Controls Questionnaire

Protiviti Booklets

Guide to the Sarbanes-Oxley Act

Protiviti Booklets

Guide to the Sarbanes-Oxley Act: Internal Control Requirements - Frequently Asked Questions Regarding Section 404

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It