Of SOX Compliance, and IT and Process Controls

Internal control over financial reporting, as mandated by Section 404 of SOX, is, to a large extent, contingent on allied process and technology controls.

The following document provides a beginner's guide to three popular frameworks or methodologies that bring discipline to software development and IT processes. These include: ITIL, a library of best practices for the provision of quality IT services, COBIT, an IT governance framework that can be applied to the entire IT realm and its processes in general, and the Capability Maturity Model (CMM), a more detailed and granular approach to controlling individual processes within the IT realm. It also investigates the role of software configuration management (SCM) and process/workflow management solutions in implementation of critical processes that provide reliable data for an IT audit.
http://www.vsj.co.uk/articles/display.asp?id=386

For a comprehensive treatment of IT controls as they pertain to internal control over financial reporting, refer to the document "IT Control Objectives for Sarbanes-Oxley" authored by the IT Governance Institute (http://www.itgi.org).