The Sarbanes Oxley Act holds executives of corporations responsible for the effectiveness of the internal control structure in their organizations. Any shortcomings in the controls must be reported by registered external auditors.

​

The internal control structure must be established to prevent data tampering, track data access, detect security breaches and report them to SOX auditors. These controls include monitoring any changes to the Enterprise Resource Planning (ERP) software logging the specific change, when it was made and by whom.

​

This law requires that all annual financial reports must include an Internal Control Report and an assessment by management of the effectiveness of the control structure.