What is SOX 404 and IT General Computing Controls (ITGC)?
The Sarbanes-Oxley Act of 2002 (SOX) is a federal regulation that establishes how publicly traded U.S. companies communicate, store, and protect financial information. Section 302 of the law requires companies to develop “internal controls or framework” to ensure the accuracy of their financial reporting, while Section 404 requires companies to assess and document the effectiveness of those internal controls. The relationship between IT processes and the “internal controls” described in Section 404 is not clearly defined. Enterprises use established, industry-accepted standards such as COBIT, COSO, and ISO 27001:2013 to model IT processes and their respective controls.