In 2002, the Financial Services - Credit Security division of a major Fortune 500 corporation, began conducting quarterly audits on user access levels. This audit is referred to as a "SOX" audit, also known as the Public Company Accounting Reform and Investor Protection Act of 2002. SOX is a United States federal law passed in response to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, and WorldCom (now MCI). These scandals resulted in a decline of public trust in accounting and reporting practices. Named after sponsors Senator Paul Sarbanes (D?Md.) and Representative Michael G. Oxley (R?Oh.), the Act was approved by the House by a vote of 423-3 and by the Senate 99-0. The legislation is wide ranging and establishes new and enhanced standards for all U.S. public company boards, management, and public accounting firms. The act contains 11 titles, or sections, ranging from additional Corporate Board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law (Volz & Tazian, 2006). Section 404 of the Act directs the Commission to adopt rules requiring each annual report of a company, other than a registered investment company, to contain (1) a statement of management's responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) management's assessment, as of the end of the company's most recent fiscal year, of the effectiveness of the company's internal control structure and procedures for financial reporting. Section 404 also requires the company's auditor to attest to, and report on management's assessment of the effect ...