Some excellent planning excerpts from this informative article:

The SOX compliance requirements are complex and detailed. If you have an annual Sarbanes-Oxley audit on the horizon, brush up on your responsibilities and prep work in these recommended steps:

1. There are ways to streamline compliance efforts for the biggest SOX hurdle: SOX 404. For example, test only the internal controls that could lead to a material misstatement if they failed. By filtering out just this subset of controls, you’ll save time and effort in the long run.

2. Create a flow chart of processes, procedures and related activities in the organization so you know where to place controls to prevent errors.

3. Review your data governance and security protocols.

4. Most SOX-regulated IT organizations use COBIT, ITIL or another governance methodology to ensure consistent practices.

5. All this internal SOX audit preparation is a gateway to compliance best practices and easier protection of new IT initiatives, such as virtual desktops or cloud.

6. Don’t forget about software as a service (SaaS). Sensitive data frequently resides off-site on these third-party SaaS applications, and auditors are adapting to ferret out non-compliance. If your organization relies on SaaS vendors, verify that they keep data SOX-compliant with SAS 70 reports.

7. The right auditor makes the entire process run more smoothly. Choose a company that has experience in your specific industry.

8. There’s nothing wrong with asking questions about what you’ll be audited on and what the auditors’ methods will be. It will help your IT organization prepare and avoid common mistakes.