Protiviti has published the second edition of its popular book, Guide to the Sarbanes-Oxley Act: IT Risks and Controls. This publication is the definitive resource guide on IT risks and control issues related to compliance with SOX Section 404. Guide to the Sarbanes-Oxley Act: IT Risks and Controls (Second Edition) provides guidance to Section 404 compliance project teams on the consideration of IT risks and controls at both the entity and activity levels within an organization. Questions and answers in the book focus on the interaction between the IT organization and the entity’s application and data-process owners, and explain the implications of general IT controls and how they are considered at the process level. This guide also explores how application-control assessments are integrated with the assessment of business-process controls, and addresses documentation, testing and remediation matters.