In the wake of the atrocities caused by ENRON, MCI and other corporations congress passed sweeping audit and certification requirements. This law named in honor of it's sponsors Senator Paul Sarbanes (D-Md.) and Representative Michael G. Oxley (R-Oh.) is Sarbanes-Oxley aka SarBox or SOX in the business world. This governs every publicly traded company in the USA and falls on the Securities and Exchange Commision to oversee the SOX process.
In addition to mandating the CEO "sign in blood" under penalty of prison time they have reviewed the financial statements and attest to their truth there are also Information Technology(IT) requirements. These are known as Section 404 requirements in reference to the section of the law. Section 404 governs how financial data is stored in computer systems. A yearly audit requires that documentation be produced for each and every computer application. From first hand experience this documentation involves producing some 150-200 documents per application with an average time of 1.5 person hours per document. So extrapolating forward that's 1000's of documents and thousands of person hours of time for just the computer people. Although I have no first hand knowledge of the business audit requirements I'm told third hand it's equally grueling.
Too many people lost too much money before SOX came along but rather than submit to the rigors of SOX, corporations are taking many approaches. They are not becoming publicly traded remaining privately owned aka private equity. The other newest fad is issuing shares on foreign exchanges such as The London or Russia stock Exchanges. In addition those publicly traded companies are withdrawing from trading by becoming privately equity companies.
As I posed in the pun do you have stories to tell about SOX?