Major SOX Sections
SOX Act of 2002
Other SOX Resources
Sarbanes Oxley Audit Requirements
The Sarbanes Oxley Act requires all financial reports to include an Internal Controls Report. This shows that a company's financial data accurate and adequate controls are in place to safeguard financial data. Year-end financial dislosure reports are also a requirement. A SOX auditor is required to review controls, policies, and procedures during a Section 404 audit.
SOX auditing requires that internal controls and procedures can be audited using a control framework like COBIT. Log collection and monitoring systems must provide an audit trail of all access and activity to sensitive business information.
Specifically, SOX sections 302, 404 and 409 require the following parameters and conditions must be monitored, logged and audited:
Internal controls
Network activity
Database activity
Login activity (success and failures)
Account activity
User activity
Information Access