What is SOX ITGC?
The IT General Controls that support Sarbanes-Oxley compliance, protecting the integrity of financial-reporting systems.
Definition
SOX ITGC (IT General Controls) are the controls over the IT systems that underpin financial reporting, supporting compliance with the US Sarbanes-Oxley Act (SOX) of 2002. SOX requires public companies to attest to the effectiveness of internal controls over financial reporting (ICFR), and because those controls run on IT systems, ITGCs are essential to their reliability.
ITGCs typically span access management, change management and IT operations — ensuring only authorised changes and access reach the systems that produce financial data.
Core ITGC domains
Access to programs & data
Provisioning, access reviews and segregation of duties.
Change management
Authorised, tested and approved system changes.
IT operations
Job scheduling, backups and incident management.
Program development
Controls over new systems and major changes.
Who needs to comply?
US public companies — and many pre-IPO firms preparing for listing — must maintain SOX ITGCs as part of ICFR; their external auditors test these controls annually.
How ISpectra helps
ISpectra designs and operationalises your SOX ITGC framework — access reviews, change-management workflows and operational controls — and prepares the evidence your external auditors expect.
Talk to an advisor