SOX Complaince All public companies in US or subsardies that does business in US now must comply with SOX, both on the financial side and on the IT side. Publcialy Traded Companies Wholly owned subsadries Non US publically traded companies Priavte companies going for IPO Companies must maintain adequate internal control structure and document ICFR Scope: Clarify the scope of the SOX-ITGC engagement, including the in-scope systems, applications, and processes. Determine which ITGCs (IT General Controls) are in scope, and identify any potential areas of focus. Control objectives: Review the control objectives for ITGCs that are in scope. Clarify which control objectives are relevant to the client's business processes and how they will be tested. Documentation: Determine what documentation exists for the ITGCs, such as policies, procedures, and controls, and how it will be reviewed during the engagement. Roles and responsibilities: Clarify the roles and responsibilities of