This article has some good food for thought on SOX impacts on IT, for example:

"There appears to be a prevailing view that SOX is fundamentally a set of regulations that have to be complied with and, provided IT Directors and CIOs ‘tick the various boxes’, SOX compliance is in the bag. This is a perilous position because SOX is different from other forms of regulations in three ways: One, external people such as auditors and regulatory bodies check to ensure that controls are in place not only on paper but are being used as well. Two, this legislation has significant penalties and fines built into it. CEOs and FDs can be fined up to $20 million and serve up to 10 years in prison under the Act. Three, material weaknesses have to be reported publicly in financial statements; the impact on share prices for non-compliance with SOX is hardly likely to be positive."

Check out the parent site: ITSM Portal International Web Site