Thursday, April 27, 2006

Governance Elements of Sarbanes-Oxley
The Sarbanes-Oxley Act (SOX) has significant information security implications for companies governed by the law. Sections 302, 404, and 409 of SOX, and corresponding SEC Rules and Regulations, have tremendous ramifications for information technology in the areas of control (internal controls), evaluation (governance, measurement and recordkeeping), and disclosure (reporting and certification). These "control, evaluate and disclose" elements must work together as pieces of an overall SOX compliance process. Companies that must comply with the law need to adopt changes to corporate governance and a process of change auditing that will adequately meet the challenges of SOX compliance.

Highlights of the Darning SOX whitepaper:

  • The SEC definition of "internal controls" as they apply to SOX;
  • The relevance of COSO and COBIT in SOX compliance initiatives;
  • Guidelines for ongoing evaluation of internal controls;
  • SOX disclosure guidelines; and
  • Responsibilities, penalties, enforcement, and deadlines relevant to SOX compliance.

See full article (registration required).