Under section 404 of SOX compliance, management is required to produce an "internal
control report". It must affirm the responsibility of management for establishing
an adequate internal control structure and procedures for financial reporting.
SOX Section 404 and other regulatory requirements specify that enterprises create
and maintain detailed information about information flow and user access across
entire enterprise networks. Centrally managed repositories of such information are
also essential elements of effective Identity and Access Management and IT security
It is the duty of IT to assure that authorized people conduct all financial transactions
and data entry, and that all transactions get logged and tracked in ways that support
comprehensive auditing. To meet these and other business requirements, IT executives
must ensure that the Identity and Access Management (IAM) solutions at their enterprises
deliver adequate levels of demonstrable, transparent compliance.