In order to achieve Sarbanes-Oxley compliance a company must have a system where information is accessible and manageable. Often times companies lose track of important information and may be unaware of its whereabouts. This information is very important and may be contained in documents that have been lost in email or even inside the hard drives of company equipment. In order to solve this problem a company must have a system to manage this information to pass along in these corporate disclosures. To add to the plight of the editor, Sarbanes Oxley Act 404 makes it the responsibility of the Auditor and the company management to do a kind of top down risk assessment.
More on sarbanes oxley and sarbanes oxley section 302