Sarbanes-Oxley Resources
The Sarbanes-Oxley Act of 2002 (SOX) was designed to restore investor confidence in U.S. public markets in the wake of business scandals and corporate governance failures. SOX has received considerable attention, but relatively little focused on the roles information technology and IT controls play in business management, financial processing, or financial reporting. Reliability, accuracy, and timeliness of financial reporting in most organizations depend heavily on IT as most business controls and virtually all business processes are automated. Further, IT professionals are responsible for the quality and security of information and systems, but most are not familiar with SOX or its requirements for reporting on the reliability of the system of internal control. Internal auditors can play a pivotal role in addressing business controls managed by IT as well as helping to structure the required assessment and assurance processes.

• Sarbanes-Oxley Section 404: A Guide for Management by Internal Control Practitioners (PDF)
• IIA Sarbanes-Oxley Act seminars:
  • Sarbanes-Oxley: Assessing IT Controls
  • Sarbanes-Oxley: Process Improvement Workshop
• IIA Technology Seminars including The IIA/Deloitte courses
• ISACA IT Control Objectives for Sarbanes-Oxley - A Discussion Document
• Protiviti has released a publication offering guidance to Section 404 compliance project teams on the consideration of information technology risks and controls at both the entity and activity levels within an organization. The questions and answers focus on the interaction between the IT organization and the entity's application and data-process owners and explain the implications of general controls and how they are considered at the process level.