Meet Sarbanes-Oxley requirements for internal control over financial reporting.
The Sarbanes-Oxley Act (SOX) is a US federal law that sets requirements for public company financial reporting and internal controls. Sections 302 and 404 require management to assess and certify the effectiveness of internal control over financial reporting (ICFR), with IT general controls (ITGCs) playing a central role.
SOX applies to publicly traded companies in the US and the controls supporting their financial reporting systems.

Who needs US SOX?

Public companies

US-listed companies subject to SEC reporting requirements.

Pre-IPO companies

Organizations preparing for an IPO that need SOX-ready controls.

Key components

ITGCs

IT general controls over access, change management, and operations.

Section 302

Management certification of financial reports each quarter.

Section 404

Annual assessment of internal control over financial reporting.

Segregation of duties

Prevent conflicts by separating incompatible responsibilities.

How DSALTA helps with US SOX

1. Activate US SOX

Select US SOX from the Frameworks page. DSALTA maps ITGCs to controls.

2. Review ITGCs

Review access, change management, and operations controls and assign owners.

3. Collect evidence automatically

Connect integrations to gather ITGC evidence continuously.

4. Approve policies

Review and approve IT and financial control policies.

5. Prepare for audit

Share ITGC evidence with your external auditors.

Frequently asked questions

IT general controls are the foundational controls over your IT environment — access management, change management, and operations — that support reliable financial reporting.
SOX does not mandate one, but COSO is the most widely used framework for the underlying internal control assessment.