SOX

SOX is U.S. federal legislation requiring public companies to implement and attest to internal controls over financial reporting.

Section 404 mandates management and auditor assessment of internal controls, which includes IT general controls (ITGC) around access management, change management, and data integrity. Violations can result in criminal penalties for executives.