Sarbanes-Oxley’s computer security requirements remain vague, and auditors’ evaluations continue to be subjective. IT managers often think of SOX as a technology mandate, but it is primarily an accounting and financial reporting mandate. A SOX compliance effort should be driven by the business side, with IT playing the role of key facilitator. To pass a SOX audit, your company must implement security best practices for any system that touches anything and everything related to financial reporting and accounting systems.”]
Source: https://www.darkreading.com/analytics/10-best-practices-for-meeting-sox-security-requirements