I'm pleased to say MSDN has just published our paper on Team System and Sarbanes-Oxley (SOX).

There seems to be some confusion around SOX and software development. SOX isn't a standard for software, and no software tool can make a business "SOX compliant". SOX relates to the management of transactions that affect assets, and is undertaken with the help of a qualified appraiser who defines a risk management framework for your business. Some of the risks identified may involve your software development activities. Because Team System closely shadows the software development process, it can be a good platform for gathering data in support of SOX objectives.

The paper looks at several example risk scenarios for a business and suggests ways to use Team System. (The paper doesn't talk about more general functions like auditing with Team System, etc.)

I hope the paper helps, you can find it here:

Sarbanes-Oxley 404 and Team System 2008


Andrew Delin

...more on team processes and innovation at ProcessofInnovation.com