SOX 404 / ICFR
Sarbanes‑Oxley Act of 2002, Section 404 - Internal Control over Financial Reporting (ICFR), assessed and reported by management and audited in accordance with PCAOB Auditing Standard AS 2201 (revised 2020), based on the COSO Internal Control - Integrated Framework (2013).
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (5)
Business Process
| Code | Title |
|---|---|
| SOX404-3 | Business Process Controls (Revenue, Procurement, HR, Inventory) |
Deficiency
| Code | Title |
|---|---|
| SOX404-5 | Deficiency Evaluation and Remediation |
Entity-Level
| Code | Title |
|---|---|
| SOX404-1 | Entity-Level Controls (ELC) |
FRP
| Code | Title |
|---|---|
| SOX404-2 | Period-End Financial Reporting Process (FRP) |
ITGC
| Code | Title |
|---|---|
| SOX404-4 | IT General Controls (ITGC) - Access, Change, Operations |
Frequently Asked Questions
What is SOX 404 / ICFR?
SOX 404 / ICFR is a compliance framework from United States with 5 domains and 5 controls. Sarbanes‑Oxley Act of 2002, Section 404 - Internal Control over Financial Reporting (ICFR), assessed and reported by management and audited in accordance with PCAOB Auditing Standard AS 2201 (revised 2020), based on the COSO Internal Control - Integrated Framework (2013). It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does SOX 404 / ICFR have?
SOX 404 / ICFR has 5 controls organised across 5 domains. The largest domains are Business Process (1 controls), Deficiency (1 controls), Entity-Level (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does SOX 404 / ICFR map to?
SOX 404 / ICFR does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with SOX 404 / ICFR compliance?
Start your SOX 404 / ICFR compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about SOX 404 / ICFR requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 5 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.
Get Started Free →Free forever — no credit card required