From Splunk Wiki
The Sarbanes-Oxley Act is designed to protect investors by improving the accuracy and reliability of corporate disclosures made in accordance with securities laws. The Public Company Accounting Oversight Board (PCAOB) oversees the auditors of public companies.
SOX Section 404 Assessment of internal control
The SOX regulation is split up into multiple sections. Section 404 is concerned with internal controls and is the most important section to be implemented through IT. Section 404 requires management and the external auditor to report on the adequacy of the company's internal control over financial reporting (ICFR).
The PCAOB was created to protect investors and the public interest by promoting informative, fair, and independent audit reports. The PCAOB publishes a set of standards that auditors should follow when conducting a SOX audit. These guidelines can be used to implement a reporting framework around your SOX initiatives. The relevant links are:
IT Security Frameworks
SOX itself does not dictate or define exact reports around the SOX regulation. Companies therefore generally use either COBIT or  to implement an IT security practice that satisfies SOX compliance, and most SOX compliance reporting is structured around one of these frameworks.
In simple terms, SOX reporting is all about the integrity of your financial information: you have to be able to show who had access to the financial information and records, and what they did with them.
Some specific reports that are useful for SOX are:
- Monitoring financial applications and databases (COBIT section AI2.3)
- Monitor database audit trails
- Report on authentication and authorization (COBIT section DS5.3)
- Monitor for job role changes and terminations (COBIT section PO7.8)
- Segregation of duties (COBIT section PO4.11)
- Administrative activity on financial systems
- Report on unauthorized access attempts
- Addition of users to administrator group
- Any administrative login to applications, databases, systems, and network devices
- Monitor user activity
- Monitor financial servers for:
  - security threats (COBIT section DS5.5, DS5.10)
  - configuration changes (COBIT section AI6.1)
- Monitoring infrastructure supporting financial information:
  - change control reporting (COBIT section AI6.1)
  - change validation (COBIT section DS9.3)
  - security monitoring (COBIT section DS13.3)
- Report on security policy violations
- Generate reports for SOX audits
- Data management (COBIT section DS11.6)
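As an added example (not part of the original wiki page or a Splunk product), the script below builds three of the access reports listed above from constructed audit-log lines: unauthorized access attempts, additions to an administrator group, and administrative logins to financial systems. The log format, host names and role names are assumptions chosen for the illustration; scoping to in-scope financial hosts mirrors the ICFR focus of Section 404.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (syslog-like key=value format is an assumption).
SAMPLE_LOG = """\
2024-03-01T08:02:11Z fin-db-01 auth: user=alice action=login result=success role=dba
2024-03-01T08:05:43Z fin-app-01 auth: user=bob action=login result=failure role=user
2024-03-01T08:05:50Z fin-app-01 auth: user=bob action=login result=failure role=user
2024-03-01T09:12:00Z fin-app-01 group: actor=alice action=add_member group=Administrators member=carol
2024-03-01T09:30:12Z fin-app-01 auth: user=carol action=login result=success role=admin
2024-03-01T10:00:00Z hr-portal auth: user=dave action=login result=success role=admin
"""

FINANCIAL_HOSTS = {"fin-db-01", "fin-app-01"}  # assumed in-scope (ICFR) systems
ADMIN_ROLES = {"admin", "dba"}                  # assumed privileged roles

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<src>\w+): (?P<kv>.*)$")

def parse_line(line):
    """Parse one audit line into a dict; return None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "source": m["src"]}
    for tok in m["kv"].split():
        if "=" in tok:                      # ignore malformed tokens instead of failing
            key, val = tok.split("=", 1)
            rec[key] = val
    return rec

def sox_access_report(log_text):
    """Bucket events from in-scope financial hosts into SOX report categories."""
    report = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["host"] not in FINANCIAL_HOSTS:
            continue                        # unparseable, or not a financial system
        if rec["source"] == "auth" and rec.get("result") == "failure":
            report["unauthorized_access_attempts"].append(rec)
        if (rec["source"] == "group" and rec.get("action") == "add_member"
                and rec.get("group") == "Administrators"):
            report["admin_group_additions"].append(rec)
        if (rec["source"] == "auth" and rec.get("result") == "success"
                and rec.get("role") in ADMIN_ROLES):
            report["administrative_logins"].append(rec)
    return dict(report)

if __name__ == "__main__":
    for category, events in sox_access_report(SAMPLE_LOG).items():
        print(f"{category}: {len(events)} event(s)")
        for e in events:
            print("  ", e["ts"], e["host"], e.get("user") or e.get("member"))
```

The login from hr-portal is dropped because that host is outside the financial scope, which is the kind of scoping decision an auditor will ask you to justify.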