SOX article by Dan Blum

Risk management, controls key to SOX

Gee Dan, ya think?

But he did make a couple of good points:

  1. IT risk management is "a good thing", independent of SOX
  2. SOX compliance is different from typical IT risk management in that SOX doesn't care if the organization suffers financial loss, just that it accurately reports on such losses.