ABSTRACT
The Sarbanes-Oxley Act of 2002 (SOX) is one of the most important and sweeping regulatory changes of
the past century. Enacted in response to the accounting scandals of 2001 and 2002, SOX is intended to
protect investors from insiders who misuse their access to financial and accounting information in order
to commit fraud within an organization. Sarbanes-Oxley Act contains a variety of provisions, but the one
most applicable to corporate information technology (IT) personnel is the Section 404 requirement that
mandates corporations must annually disclose, audit, and report on their assessment of internal controls
that are in place to prevent misuse of financial data.