Description

The 2026 SOX reporting cycle requires expanded IT controls coverage for new FASB disclosure standards (ASU 2023-07 segments, ASU 2023-09 tax, ASU 2023-08 crypto). SOX scope must also cover faster 8-K materiality judgments for cyber incidents, sustainability data controls, and address PCAOB inspection expectations around cloud migrations, AI use, and vendor shifts.

Requirements

Expand SOX IT controls for new FASB disclosure standards
Update controls for ASU 2023-07, 2023-09, and 2023-08
Implement controls for 8-K cyber incident materiality judgments
Address sustainability data control requirements
Review controls for cloud migrations and AI use

Applicable To

SEC-registered public companiesOrganizations subject to SOX Section 302/404

Penalty Information

⚠SOX violations including fines up to $5 million and up to 20 years imprisonment for willful violations.

308

days remaining

December 31, 2026

Share:X in @

Framework

SOC 2

System and Organization Controls 2

Related SOC 2 Deadlines

SOC 2 Type II Audit Period Start
January 1, 2026
SOC 2 Quarterly Access Review - Q1
March 31, 2026
SOC 2 Quarterly Access Review - Q2
June 30, 2026
SOC 2 Quarterly Access Review - Q3
September 30, 2026

SOX IT Controls - New FASB Disclosure Requirements