In plain terms. The Sarbanes-Oxley Act of 2002 imposed internal-control and financial-reporting requirements on public companies in the wake of major accounting scandals. Its Section 404 internal-controls mandate drives extensive IT general controls and information-security practices over systems that affect financial reporting.
Citation. Pub. L. 107-204 (Jul. 30, 2002); 15 U.S.C. § 7201 et seq..