IT plays a central role in an enterprise's ability to comply with the Sarbanes-Oxley Act of 2002. To meet the act's regulations, IT managers must be proactive. Use this checklist to guide an organized approach to reaching and sustaining compliance.

  • Initiate and maintain communication with others involved in Sarbanes-Oxley compliance efforts within your organization.
  • Review all internal IT processes to ensure they can be audited and that all changes can be documented.
  • Review record retention and data storage strategies and infrastructure.
  • Evaluate nonstandard and standalone IT systems to ensure proper controls are in place.
  • Determine, implement, and reevaluate as necessary the technology needed to comply with Sarbanes-Oxley and to sustain compliance going forward.
  • Include operational transparency in the ongoing evaluation of new technology.
  • Determine and implement best practices to the extent possible.