The Sarbanes-Oxley Act, commonly called SOX (sometimes Sarbox), established new and enhanced accounting and reporting standards for publicly traded U.S. companies.

This has created new reporting and auditing requirements for application development teams whose software touches company revenue generation, financial reporting, customer information or accounting.


The Sarbanes-Oxley Act of 2002 was passed in response to the major corporate accounting scandals at Enron, Tyco International and WorldCom, which came on the heels of the dot-com bust.

These scandals were eroding public trust in corporate accounting and turning the stock market into a nightmare for investors. Congress moved to quell this rising tide of no-confidence by approving the Sarbanes-Oxley Act by an overwhelming margin.

SOX Section 404

Assessment of Internal Control: Section 404 requires companies to demonstrate that they have control over, and can vouch for the accuracy of, their financial reporting. Each public company must include the following in its annual report:

  • A statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting for the company

  • A statement identifying the framework used by management to evaluate the effectiveness of internal control

  • Management's assessment of the effectiveness of internal control as of the end of the company's most recent fiscal year

  • Disclosure of material weaknesses (A material weakness is a significant deficiency, or a combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected.)

  • A statement that its auditor has issued an attestation report on management's assessment

Auditor's Attestation

The auditor has two objectives in a SOX audit.

  • The auditor must state an opinion on whether the financial statements are fairly stated.

  • The auditor must attest to, and report on, management's assessment of internal control over financial reporting; this is the attestation report referred to above.

Passing the Audits

Proving that the company has internal controls in place that protect customer information and accurately report financial information is at the heart of these audits.

Development teams that have a sound software development process and follow SCM best practices have found that most of the required reporting and auditing processes and procedures are already in place. For them it is just a matter of running the reports and documenting the audit trail.

However, development teams in organizations that have little or no process in place have found these new reporting and auditing requirements to be quite invasive and painful to meet. Not only are they struggling to produce audit reports, they are also having to create the processes that support the accuracy of those reports.

For many organizations, this is no small feat.

Sarbanes-Oxley Solution

  • Create and document a source code access process and follow it.

  • Periodically, review the users who have access, make the required modifications and show the audit trail.

  • Designate source code owners who are responsible for approving source code access and for reviewing it.

  • Document every source code access request and its approval.

  • Keep this documentation available for the SOX auditors as tracking records and audit evidence.
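The periodic access review in the list above is the step auditors probe hardest, because it is where the access request log and the real state of the repository are compared. The following script is an added example, not code from the original page or from SCMWise: it reconciles the users who currently hold access to a repository against the documented approvals, flags each discrepancy an auditor would ask about (access with no approval, self-approval, approval by someone other than the designated owner, expired approval, a higher level than was approved, and approvals that were never provisioned), and produces an audit trail entry with a digest over its content. The repository name, user names, two-level access model, field names and all sample data are constructed assumptions, not the export format of any real SCM tool.

```python
"""Periodic source code access review for a SOX-scoped repository.

Added example (not from the original page or SCMWise). Reconciles the current
repository ACL against documented approvals and writes a tamper-evident audit
entry. Field names, roles and sample data are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date
import hashlib
import json

# Access levels in increasing order of privilege (assumption: two levels).
LEVEL_RANK = {"read": 1, "write": 2}


@dataclass(frozen=True)
class Approval:
    """One documented access request and who approved it."""
    user: str
    level: str
    approved_by: str
    approved_on: date
    expires_on: date


def review_access(owner, current_access, approvals, as_of):
    """Reconcile who holds access against the approval records.

    current_access: {user: level}, as exported from the SCM tool.
    approvals: Approval records from the access-request log (one active
               record per user is assumed; a later record supersedes earlier).
    Returns [(user, finding)], with "ok" for access that is fully supported.
    """
    by_user = {a.user: a for a in approvals}
    findings = []
    for user, level in sorted(current_access.items()):
        a = by_user.get(user)
        if a is None:
            findings.append((user, "no_approval"))          # no paper trail at all
        elif a.approved_by == user:
            findings.append((user, "self_approval"))        # segregation of duties
        elif a.approved_by != owner:
            findings.append((user, "approver_not_owner"))   # wrong person approved
        elif a.expires_on < as_of:
            findings.append((user, "expired"))              # needs re-approval
        elif LEVEL_RANK[level] > LEVEL_RANK[a.level]:
            findings.append((user, "level_exceeds_approval"))
        else:
            findings.append((user, "ok"))
    # Approved but never provisioned: the log and the tool disagree, so record it.
    for user in sorted(set(by_user) - set(current_access)):
        findings.append((user, "approved_not_provisioned"))
    return findings


def audit_entry(repo, owner, reviewer, as_of, findings):
    """Build the audit trail record, with a SHA-256 digest over its content."""
    record = {
        "repo": repo,
        "owner": owner,
        "reviewer": reviewer,
        "reviewed_on": as_of.isoformat(),
        "findings": [{"user": u, "finding": f} for u, f in findings],
        "exceptions": sum(1 for _, f in findings if f != "ok"),
    }
    record["sha256"] = _digest(record)
    return record


def verify_entry(record):
    """True if the record's digest still matches the rest of its content."""
    body = {k: v for k, v in record.items() if k != "sha256"}
    return _digest(body) == record["sha256"]


def _digest(body):
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


# Constructed sample data: the repository's current ACL and its approval log.
REPO, OWNER = "billing-app", "alice"
SAMPLE_ACCESS = {"alice": "write", "bob": "write", "carol": "read",
                 "dave": "read", "erin": "write", "grace": "write"}
SAMPLE_APPROVALS = [
    Approval("alice", "write", "alice", date(2016, 1, 4), date(2017, 12, 31)),
    Approval("bob", "write", "alice", date(2016, 1, 4), date(2017, 12, 31)),
    Approval("carol", "read", "alice", date(2016, 1, 10), date(2016, 12, 31)),
    Approval("dave", "read", "mallory", date(2016, 6, 1), date(2017, 12, 31)),
    Approval("frank", "write", "alice", date(2017, 2, 1), date(2017, 12, 31)),
    Approval("grace", "read", "alice", date(2016, 9, 1), date(2017, 12, 31)),
]


def run_review(as_of=date(2017, 3, 31)):
    findings = review_access(OWNER, SAMPLE_ACCESS, SAMPLE_APPROVALS, as_of)
    return findings, audit_entry(REPO, OWNER, OWNER, as_of, findings)


if __name__ == "__main__":
    findings, entry = run_review()
    for user, finding in findings:
        print(f"{user:8} {finding}")
    print(json.dumps(entry, indent=2))
```

Two points an auditor will raise about a review like this: the access list must be exported directly from the SCM tool at review time, not typed in by the reviewer, and the audit entry is only evidence if it is kept somewhere the owner cannot quietly edit it (an append-only log or a signed record). The digest lets a later reader detect that an entry was altered; it does not say who altered it.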


SCMWise, Software Configuration Management: SCMWise is dedicated to SCM. This site is a central repository for the collection of best practices, processes, methodologies and tools that surround SCM.

    © Copyright 2007 - 2017