SOX Complaince 

All public companies in US or subsardies that does business in US now must comply with SOX, both on the financial side and on the IT side.

Publcialy Traded Companies
Wholly owned subsadries 
Non US publically traded companies
Priavte companies going for IPO

Companies must maintain adequate internal control structure and document ICFR

Scope: Clarify the scope of the SOX-ITGC engagement, including the in-scope systems, applications, and processes. Determine which ITGCs (IT General Controls) are in scope, and identify any potential areas of focus. Control objectives: Review the control objectives for ITGCs that are in scope. Clarify which control objectives are relevant to the client's business processes and how they will be tested. Documentation: Determine what documentation exists for the ITGCs, such as policies, procedures, and controls, and how it will be reviewed during the engagement. Roles and responsibilities: Clarify the roles and responsibilities of the client's IT and business teams, as well as the audit team. Timing: Establish a timeline for the SOX-ITGC engagement, including the start and end dates, testing periods, and reporting deadlines. Reporting: Discuss the reporting requirements for the SOX-ITGC engagement, including the format and frequency of reporting, and how the audit results will be communicated to stakeholders. Internal and external audits: Determine if the client has undergone any previous internal or external audits related to ITGCs and how the results will be used to inform the SOX-ITGC engagement.