SOX 404 and IT General Controls (ITGC)
The Sarbanes-Oxley Act of 2002 (SOX) is a federal regulation that establishes requirements for how publicly traded U.S. companies communicate, store, and protect financial information. Section 302 of the law requires companies to develop “internal controls” to ensure the accuracy of their financial reporting, while Section 404 requires companies to assess and document the effectiveness of those internal controls. The relationship between IT processes and the “internal controls” described in Section 404 is not clearly defined.
TCG uses frameworks such as COBIT 5, COSO, and ISO/IEC 27001:2013 to model the IT processes and controls for your business. These standards serve as the framework for IT General Controls (ITGC) and as a guide for performing IT security assessments for organizations regulated by SOX.
TCG Consultants know how to meet the rigorous demands of the regulatory environment and communicate with auditors and audit committees within a risk-based framework. Our team’s objectivity and assessment quality can reveal opportunities to improve internal control over financial reporting and allow external auditors to rely on third-party work. We can also scale flexibly to your specific needs and level of support.