

What do you know about SOX ITGC?

ITGC is critical in SOX-audited companies as it guarantees that the tech tools your organization utilizes in the different departments are used effectively.


Today, most organizations are concerned about data security because of the ever-present threat of cyber attacks.

For a business, at least five information security compliance requirements apply. If the business is in California, the state also has a specific business compliance requirement.

Moreover, a company that operates in Europe has to comply with another business requirement. 


One of the business compliance requirements in the United States is SOX, which stands for Sarbanes-Oxley. It is an Act introduced in 2002 to protect investors from the spurious accounting activities of many corporations.

The law covers all public companies and applies to foreign companies, publicly-traded companies, and wholly-owned subsidiaries that do business in the U.S. While the Act itself does not have any specific requirements regarding information technology, IT does affect organizations’ information and the security of those systems.

The financial data that the law covers are processed and stored in said IT systems. Thus, the Information Technology General Controls (ITGC) component becomes a compliance requirement. 

Factors to know about SOX ITGC

The focus of SOX is the appropriateness of financial business practices, including information technology.

Given this, public businesses should also consider having SOX IT General Controls compliance and ensure that each company’s security and IT activities are well-governed and adequately managed by abiding by the industry’s approved policies, procedures, and best practices.

If you meet all the requirements, you can achieve SOX ITGC compliance in two to three months. However, your compliance must be continuous, and your organization must prepare a quarterly audit each year after the issuance of the financial statement schedule.  

Every compliance regulation is time-consuming and laborious. Thus, many organizations are choosing SOX ITGC automation to reduce the number of IT staff assigned to the task and ensure that they can prepare the requirements accordingly.

Control sets

SOX ITGC has two sets of controls. One is the SOX controls, which require the company to record, test, review, and maintain the essential controls affecting the company’s financial reporting processes.

These internal controls have procedures to identify or prevent issues in business processes that impact the accuracy and integrity of the preparation of financial reports.

In addition, the company’s in-house auditors should conduct SOX compliance audits regularly, even though controls for SOX compliance are already in place.

The other set is the ITGC controls. Your internal auditors should likewise do ITGC checks or audits to verify whether the controls are adequate to ascertain the accuracy and completeness of the financial reporting system.

Again, this set should be the first to be implemented as it supports your audits and SOX compliance.

In conclusion, ITGC is critical in SOX-audited companies as it guarantees that the tech tools your organization utilizes in the different departments are used effectively.

Moreover, ITGC sees to it that the tools are protected from a variety of risks and vulnerabilities. Because of the constant threat to data security, the ITGC component of SOX ITGC compliance covers the entire IT management of the organization. Therefore, it has a bearing on the overall result of the SOX ITGC compliance.


Chris has been blogging since the early days of the internet. He primarily focuses on topics related to tech, business, marketing, and pretty much anything else that revolves around tech. When he's not writing, you can find him noodling around on a guitar or cooking up a mean storm for friends and family.
