The major activities I identified for implementation of SOX are :
1) Preparing SOX documentation:
Business flows
Process flows
Imformation flows
Documentation flows for each area of business / department
2) Conducting a Risk Assessment:
Identifying the risks
Classification of the risks � Qualitative and Quantitative risks
Quantifying the risks � identifying the cash flow impact
Development of risk mitigation strategies
3) Finalizing the risk grades and score cards:
Discussions with the department heads
Review and assessment of the risk matrices and mitigation strategies
Finalizing the risk grades and score cards
Information Technology and automation
4) SOX Compliance:
Management report on internal control (u/s. 404)
Management certifications (u/s. 302)
On-going compliance and implementation of risk mitigation strategies
with the SOX champion of that department / area
This is a ripoff from here.