VerdifaX

SOX § 404 IT controls

Sarbanes-Oxley § 404 requires public companies to maintain — and have their auditors attest to — an adequate internal control structure for financial reporting. When AI systems influence the numbers that flow into financial statements, those systems are in scope.

What's actually required

The Public Company Accounting Oversight Board's Auditing Standard 5 specifies that IT general controls (ITGCs) for systems affecting financial reporting must include:

  • Change management — every modification to a system in scope must be authorized, tested, and traceable
  • Logical access — only authorized personnel can modify production
  • Operations — failures and unusual events are detected, investigated, and resolved
  • Computer operations — backups, scheduling, recovery

The change-management requirement is the one where AI systems most often fail audit. A model gets retrained, the new weights ship to production, and there's no auditable evidence chain connecting "the recommendation that affected this 10-Q line item" to "the specific model version that produced it."

Verdifax as change-evidence

Each Verdifax manifest hash binds an inference to:

  • The exact program_id (which model, which version)
  • The registry_record_hash (the authorization record approving that program for production use)
  • The hardware attestation (which runtime, which kernel)
  • The full transcript and execution plan

If the model changes — new weights, new code path, new approval record — the program_id and registry_record_hash change. Inferences after the change produce different manifest hashes. The hash itself is the change-evidence.

Mapping

ITGC requirement                                              | Verdifax contribution
--------------------------------------------------------------|---------------------------------------------------------------------------------------------
Change management — all production changes traceable          | Every inference is anchored to a specific program + registry record
Change management — unauthorized changes detected             | Modifying any sealed field invalidates the hash
Operations — unusual event review                             | status: "stage_error" runs are persisted for forensic review
Operations — financial-relevant computations reproducible     | Same inputs + same program → same hash
Logical access — privileged operations logged                 | Verdifax admin endpoints (/admin/keys) require a privileged key; revocations are auditable
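The binding described above and the two hash properties in the mapping (same inputs + same program → same hash; any edited sealed field invalidates it) are easy to see in a small model. The following is an added illustrative example, not Verdifax's own code: the page does not document the real manifest canonicalization or hash construction, so sorted-key JSON over the listed fields with SHA-256 is an assumption, and every value in the sample manifest is a constructed placeholder.

```python
import hashlib
import hmac
import json

# Fields the page says a manifest hash binds. Canonical form (sorted-key JSON,
# SHA-256) is an assumption for this illustration, not Verdifax's actual format.
SEALED_FIELDS = ("program_id", "registry_record_hash", "attestation",
                 "transcript", "plan")

def manifest_hash(manifest: dict) -> str:
    """Hash the sealed fields in canonical form."""
    sealed = {k: manifest[k] for k in SEALED_FIELDS}
    canonical = json.dumps(sealed, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def verify_manifest(manifest: dict, recorded_hash: str) -> bool:
    """Auditor-side check: recompute from the manifest presented and compare
    with the hash stored on the journal entry (constant-time compare)."""
    return hmac.compare_digest(manifest_hash(manifest), recorded_hash)

# Constructed sample manifest; every value is a placeholder.
BASELINE = {
    "program_id": "invoice-classifier:v12",
    "registry_record_hash": "REGISTRY_RECORD_V12_PLACEHOLDER",
    "attestation": {"runtime": "runtime-A", "kernel": "kernel-A"},
    "transcript": [{"input": "INV-0001 vendor=ACME amount=1250.00"},
                   {"output": "classification=COGS"}],
    "plan": ["load_model", "classify"],
}

def change_evidence_demo() -> dict:
    """Same inputs + same program -> same hash; a retrain (new program_id and
    new approval record) over the same inputs -> different hash."""
    h_before = manifest_hash(BASELINE)
    h_again = manifest_hash(json.loads(json.dumps(BASELINE)))  # fresh copy
    retrained = dict(BASELINE, program_id="invoice-classifier:v13",
                     registry_record_hash="REGISTRY_RECORD_V13_PLACEHOLDER")
    return {"reproducible": h_before == h_again,
            "changed_by_retrain": h_before != manifest_hash(retrained)}

def tampered_manifest_verifies() -> bool:
    """Edit one sealed field after the fact (the recorded output) and re-verify
    against the original hash; this must return False."""
    recorded = manifest_hash(BASELINE)
    edited = json.loads(json.dumps(BASELINE))
    edited["transcript"][1]["output"] = "classification=CAPEX"
    return verify_manifest(edited, recorded)

if __name__ == "__main__":
    print(change_evidence_demo(), "tampered verifies:", tampered_manifest_verifies())
```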

Sample SOX-relevant attestation

receipt = verdifax.attest(
    payload=canonical_invoice_classification_input,
    program_id=PROD_INVOICE_AI_PROGRAM_ID,        # registered, approved for prod
    route_id="invoice-class-q4-2026",
    registry_record_hash=PROD_REGISTRY_RECORD,    # ties to change-control ticket
)

journal_entry = JournalEntry(
    debit=...,
    credit=...,
    classification=model_output,
    ai_attestation=receipt.manifest_hash,         # ← evidence chain ends here
)

The journal entry now carries cryptographic evidence of which AI program produced the classification. The auditor traces from the entry → manifest hash → program registry record → change-control ticket. End-to-end change-evidence in one chain.

What this is not

Verdifax doesn't replace a SOX program — it provides the IT-control evidence for the AI portion of one. Process controls (segregation of duties, journal-entry review, period-end close procedures) are still required and still your responsibility.
