Sections under the SOX compliance, more relevant to the Information Technology domain are as follows:
1. Section 302: Certification of Financial Reports
This section refers to the requirement that CEOs, CFOs and registered public
accounting firms must certify the accuracy of financial statements, as well as retain
and make public the internal information used to produce the reports. For the IT
operations folks and the CIO, that means all e-mail messages must be preserved and
there must be a verification that the integrity of these systems is being properly
maintained.
2. Section 404: Certification of Internal Controls
This section requires that a company's internal controls, or the systems, processes,
applications and policies which are used to develop and maintain the financial reports
for the company, be documented and certified.
3. Section 409: Material Event Reporting
This section requires that a company must disclose information regarding material changes in the financial condition
of the company. Moreover, these changes must be captured and reported in real-time. This section has not yet
gone into effect.