• Here are some of the things we do to ensure SOX compliance:

    Have an owner for each application who is responsible for approving any changes to the application.

    Each database should have an owner for the data. This may be different than the owner of the application, if there are multiple databases associated with a single application. Data owners approve access to the data.

    Document the risks associated with each system, and have the application owner sign the risk assessment.

    Document the controls that mitigate the risks for each system. The application owner should sign the list of controls.

    Where possible, track which ID made changes to data, particularly on tables with critical data.