The Sarbanes-Oxley Act (SOX) has profoundly affected IT governance and operations, especially Section 404: Management Assessment of Internal Controls. Organizations of all sizes are struggling to put the processes and infrastructure in place to address SOX compliance needs.