What is SOX 404 and IT General Computing Controls (ITGC)?
The Sarbanes-Oxley Act of 2002 (SOX) is a federal regulation that establishes how publicly traded U.S. companies communicate, store, and protect financial information. Section 302 of the law requires companies to develop “internal controls or framework” to ensure the accuracy of their financial reporting, while Section 404 requires companies to assess and document the effectiveness of those internal controls. The relationship between IT processes and the “internal controls” described in Section 404 is not clearly defined. Enterprises use industry-accepted, established standards such as COBIT, COSO, and ISO 27001:2013 to model IT processes and their respective controls.